From 7b201d6019104575fcce121f776008d8c711d925 Mon Sep 17 00:00:00 2001
From: Jakub Sitnicki
Date: Wed, 7 Jun 2017 15:23:13 +0200
Subject: [PATCH 1/4] iproute: Remove useless check for nexthop keyword when setting RTA_OIF When modifying a route we set the RTA_OIF attribute only if a device was specified with "dev" or "oif" keyword. But for some unknown reason we earlier alternatively check also for the presence of "nexthop" keyword, even though it has no effect. So remove the pointless check.
Signed-off-by: Jakub Sitnicki
---
 ip/iproute.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/ip/iproute.c b/ip/iproute.c
index b4ca2911..4fd36a1e 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -1241,16 +1241,14 @@ static int iproute_modify(int cmd, unsigned int flags, int argc, char **argv)
 if (!dst_ok)
 usage();
- if (d || nhs_ok) {
+ if (d) {
 int idx;
- if (d) {
- if ((idx = ll_name_to_index(d)) == 0) {
- fprintf(stderr, "Cannot find device \"%s\"\n", d);
- return -1;
- }
- addattr32(&req.n, sizeof(req), RTA_OIF, idx);
+ if ((idx = ll_name_to_index(d)) == 0) {
+ fprintf(stderr, "Cannot find device \"%s\"\n", d);
+ return -1;
 }
+ addattr32(&req.n, sizeof(req), RTA_OIF, idx);
 }
 if (mxrta->rta_len > RTA_LENGTH(0)) {
From a9ae195a2169421a5e5cb53238f796a87a4970cd Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 14 Jun 2017 10:10:05 -0700
Subject: [PATCH 2/4] xfrm: get #define's from linux includes Use linux/ipsec.h and linux/in.h to get the definition of IP related protocols.
Signed-off-by: Stephen Hemminger
---
 include/linux/ipsec.h | 47 +++++++++++++++++++++++++++++++++++++++++++
 include/utils.h | 13 ------------
 ip/xfrm.h | 12 ++--------
 3 files changed, 49 insertions(+), 23 deletions(-)
 create mode 100644 include/linux/ipsec.h
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
new file mode 100644
index 00000000..d17a6302
--- /dev/null
+++ b/include/linux/ipsec.h
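Review bot: The re-indented lookup in iproute_modify (ip/iproute.c) still assigns inside the condition, `if ((idx = ll_name_to_index(d)) == 0) {`, which is easy to misread as a comparison. Since these lines are being rewritten anyway, initialise at the declaration with `int idx = ll_name_to_index(d);` and test `if (!idx) {`. The hunk also removes the only read of `nhs_ok` visible here; the function body continues outside the hunk, so confirm the flag is still consumed elsewhere rather than left set but unused.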
@@ -0,0 +1,47 @@
+#ifndef _LINUX_IPSEC_H
+#define _LINUX_IPSEC_H
+
+/* The definitions, required to talk to KAME racoon IKE. */
+
+#include
+
+#define IPSEC_PORT_ANY 0
+#define IPSEC_ULPROTO_ANY 255
+#define IPSEC_PROTO_ANY 255
+
+enum {
+ IPSEC_MODE_ANY = 0, /* We do not support this for SA */
+ IPSEC_MODE_TRANSPORT = 1,
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
+};
+
+enum {
+ IPSEC_DIR_ANY = 0,
+ IPSEC_DIR_INBOUND = 1,
+ IPSEC_DIR_OUTBOUND = 2,
+ IPSEC_DIR_FWD = 3, /* It is our own */
+ IPSEC_DIR_MAX = 4,
+ IPSEC_DIR_INVALID = 5
+};
+
+enum {
+ IPSEC_POLICY_DISCARD = 0,
+ IPSEC_POLICY_NONE = 1,
+ IPSEC_POLICY_IPSEC = 2,
+ IPSEC_POLICY_ENTRUST = 3,
+ IPSEC_POLICY_BYPASS = 4
+};
+
+enum {
+ IPSEC_LEVEL_DEFAULT = 0,
+ IPSEC_LEVEL_USE = 1,
+ IPSEC_LEVEL_REQUIRE = 2,
+ IPSEC_LEVEL_UNIQUE = 3
+};
+
+#define IPSEC_MANUAL_REQID_MAX 0x3fff
+
+#define IPSEC_REPLAYWSIZE 32
+
+#endif /* _LINUX_IPSEC_H */
diff --git a/include/utils.h b/include/utils.h
index bfbc9e6d..915c82e9 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -27,19 +27,6 @@ extern int max_flush_loops;
 extern int batch_mode;
 extern bool do_all;
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP 50
-#endif
-#ifndef IPPROTO_AH
-#define IPPROTO_AH 51
-#endif
-#ifndef IPPROTO_COMP
-#define IPPROTO_COMP 108
-#endif
-#ifndef IPSEC_PROTO_ANY
-#define IPSEC_PROTO_ANY 255
-#endif
-
 #ifndef CONFDIR
 #define CONFDIR "/etc/iproute2"
 #endif
diff --git a/ip/xfrm.h b/ip/xfrm.h
index 773c92e9..54d80ce5 100644
--- a/ip/xfrm.h
+++ b/ip/xfrm.h
@@ -26,17 +26,9 @@
 #include
 #include
+#include
 #include
-
-#ifndef IPPROTO_SCTP
-# define IPPROTO_SCTP 132
-#endif
-#ifndef IPPROTO_DCCP
-# define IPPROTO_DCCP 33
-#endif
-#ifndef IPPROTO_MH
-# define IPPROTO_MH 135
-#endif
+#include
 #define XFRMS_RTA(x) ((struct rtattr*)(((char*)(x)) + NLMSG_ALIGN(sizeof(struct xfrm_usersa_info))))
 #define XFRMS_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct xfrm_usersa_info))
From a11b7b71a6eba4ee80e931e4f75321a0cf0116f1 Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel
Date: Wed, 14 Jun 2017 18:45:42 +0200
Subject: [PATCH 3/4] link_gre6: really support encaplimit option This option is documented in gre6 help, but was not supported.
Fixes: af89576d7a8c ("iproute2: GRE over IPv6 tunnel support.")
Signed-off-by: Nicolas Dichtel
---
 ip/link_gre6.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index 205bada7..4d3d4b54 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -355,6 +355,18 @@ get_failed:
 invarg("invalid fwmark\n", *argv);
 flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
 }
+ } else if (strcmp(*argv, "encaplimit") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "none") == 0) {
+ flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
+ } else {
+ __u8 uval;
+
+ if (get_u8(&uval, *argv, 0) < -1)
+ invarg("invalid ELIM", *argv);
+ encap_limit = uval;
+ flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
+ }
 } else
 usage();
 argc--; argv++;
From 3dc98cf2f51ffa2ebcc6c592aa95eae78d04d0c7 Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Wed, 14 Jun 2017 08:08:12 -0400
Subject: [PATCH 4/4] ip: mroute: Add table output to show command When the user specifies `table all` or `table 0` to the `ip mroute show` command we dump the entirety of the known mroute tables. Without some sort of divisor to tell us what table we are looking at the command is useless. Add `Table: ` to the output of 'ip mroute show table 0' Follow the convention established by 'ip route show table 0' for when to display
Signed-off-by: Donald Sharp
Reviewed-by: Nikolay Aleksandrov
---
 ip/ipmroute.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ip/ipmroute.c b/ip/ipmroute.c
index 84950037..b51c23cc 100644
--- a/ip/ipmroute.c
+++ b/ip/ipmroute.c
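Review bot: The error check in the new `encaplimit` branch of ip/link_gre6.c, `if (get_u8(&uval, *argv, 0) < -1)`, can never fire if get_u8() follows the 0-on-success / -1-on-failure convention of iproute2's other get_* parsers. A non-numeric or out-of-range argument is then accepted, and `encap_limit = uval;` copies an uninitialised `__u8` into the tunnel configuration. Test for any failure instead: `if (get_u8(&uval, *argv, 0))`. The invarg() message also lacks the trailing newline that the neighbouring `invarg("invalid fwmark\n", *argv);` carries, so the two calls should be made consistent. The enclosing option-parsing function starts and ends outside this hunk.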
@@ -178,6 +178,11 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
 fprintf(fp, ", Age %4i.%.2i",
 (int)tv.tv_sec, (int)tv.tv_usec/10000);
 }
+
+ if (table && (table != RT_TABLE_MAIN || show_details > 0) && !filter.tb)
+ fprintf(fp, " Table: %s",
+ rtnl_rttable_n2a(table, b1, sizeof(b1)));
+
 fprintf(fp, "\n");
 fflush(fp);
 return 0;
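Review bot: The new condition in print_mroute, `table && (table != RT_TABLE_MAIN || show_details > 0) && !filter.tb`, encodes a display rule that only the commit message explains, so it needs a comment at the call site. Something like `/* Print the table only when no table filter is set; the main table only when show_details is on */` above the `if` would keep the three terms from being simplified away later. How `table` and `b1` are set up is outside this hunk, so it is worth confirming that `b1` holds nothing still needed once the line reaches this point.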