allocspi feature support.

support to specify sequence number. split printing state info function for xfrm common use. (Logical change 1.175)

allocspi feature support.
support to specify sequence number. split printing state info function for xfrm common use. (Logical change 1.175)
fb7399b2 · linux-ipv6.org!nakam · beebd7aa · fb7399b2
Commit fb7399b2 authored Mar 22, 2005 by linux-ipv6.org!nakam
Hide whitespace changes
Inline Side-by-side

Showing with 157 additions and 42 deletions

ip/xfrm_state.c ip/xfrm_state.c +157 -42

No files found.
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -56,8 +56,10 @@ static void usage(void) __attribute__((noreturn));
 static void usage(void)
 {
 	fprintf(stderr, "Usage: ip xfrm state { add | update } ID [ ALGO-LIST ] [ mode MODE ]\n");
-	fprintf(stderr, "        [ reqid REQID ] [ replay-window SIZE ] [ flag FLAG-LIST ]\n");
+	fprintf(stderr, "        [ reqid REQID ] [ seq SEQ ] [ replay-window SIZE ] [ flag FLAG-LIST ]\n");
 	fprintf(stderr, "        [ encap ENCAP ] [ sel SELECTOR ] [ LIMIT-LIST ]\n");
+	fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ reqid REQID ] [ seq SEQ ]\n");
+	fprintf(stderr, "        [ min SPI max SPI ]\n");
 	fprintf(stderr, "Usage: ip xfrm state { delete | get } ID\n");
 	fprintf(stderr, "Usage: ip xfrm state { flush | list } [ ID ] [ mode MODE ] [ reqid REQID ]\n");
 	fprintf(stderr, "        [ flag FLAG_LIST ]\n");
@@ -163,6 +165,22 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
 	return 0;
 }

+static int xfrm_seq_parse(__u32 *seq, int *argcp, char ***argvp)
+{
+	int argc = *argcp;
+	char **argv = *argvp;
+
+	if (get_u32(seq, *argv, 0))
+		invarg("\"SEQ\" is invalid", *argv);
+
+	*seq = htonl(*seq);
+
+	*argcp = argc;
+	*argvp = argv;
+
+	return 0;
+}
+
 static int xfrm_state_flag_parse(__u8 *flags, int *argcp, char ***argvp)
 {
 	int argc = *argcp;
@@ -232,6 +250,9 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
 		} else if (strcmp(*argv, "reqid") == 0) {
 			NEXT_ARG();
 			xfrm_reqid_parse(&req.xsinfo.reqid, &argc, &argv);
+		} else if (strcmp(*argv, "seq") == 0) {
+			NEXT_ARG();
+			xfrm_seq_parse(&req.xsinfo.seq, &argc, &argv);
 		} else if (strcmp(*argv, "replay-window") == 0) {
 			NEXT_ARG();
 			if (get_u8(&req.xsinfo.replay_window, *argv, 0))
@@ -372,6 +393,136 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
 	return 0;
 }

+static int xfrm_state_allocspi(int argc, char **argv)
+{
+	struct rtnl_handle rth;
+	struct {
+		struct nlmsghdr 	n;
+		struct xfrm_userspi_info xspi;
+		char   			buf[RTA_BUF_SIZE];
+	} req;
+	char *idp = NULL;
+	char *minp = NULL;
+	char *maxp = NULL;
+	char res_buf[NLMSG_BUF_SIZE];
+	struct nlmsghdr *res_n = (struct nlmsghdr *)res_buf;
+
+	memset(res_buf, 0, sizeof(res_buf));
+
+	memset(&req, 0, sizeof(req));
+
+	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xspi));
+	req.n.nlmsg_flags = NLM_F_REQUEST;
+	req.n.nlmsg_type = XFRM_MSG_ALLOCSPI;
+	req.xspi.info.family = preferred_family;
+
+#if 0
+	req.xsinfo.lft.soft_byte_limit = XFRM_INF;
+	req.xsinfo.lft.hard_byte_limit = XFRM_INF;
+	req.xsinfo.lft.soft_packet_limit = XFRM_INF;
+	req.xsinfo.lft.hard_packet_limit = XFRM_INF;
+#endif
+
+	while (argc > 0) {
+		if (strcmp(*argv, "mode") == 0) {
+			NEXT_ARG();
+			xfrm_mode_parse(&req.xspi.info.mode, &argc, &argv);
+		} else if (strcmp(*argv, "reqid") == 0) {
+			NEXT_ARG();
+			xfrm_reqid_parse(&req.xspi.info.reqid, &argc, &argv);
+		} else if (strcmp(*argv, "seq") == 0) {
+			NEXT_ARG();
+			xfrm_seq_parse(&req.xspi.info.seq, &argc, &argv);
+		} else if (strcmp(*argv, "min") == 0) {
+			if (minp)
+				duparg("min", *argv);
+			minp = *argv;
+
+			NEXT_ARG();
+
+			if (get_u32(&req.xspi.min, *argv, 0))
+				invarg("\"min\" value is invalid", *argv);
+		} else if (strcmp(*argv, "max") == 0) {
+			if (maxp)
+				duparg("max", *argv);
+			maxp = *argv;
+
+			NEXT_ARG();
+
+			if (get_u32(&req.xspi.max, *argv, 0))
+				invarg("\"max\" value is invalid", *argv);
+		} else {
+			/* try to assume ID */
+			if (idp)
+				invarg("unknown", *argv);
+			idp = *argv;
+
+			/* ID */
+			xfrm_id_parse(&req.xspi.info.saddr, &req.xspi.info.id,
+				      &req.xspi.info.family, 0, &argc, &argv);
+			if (req.xspi.info.id.spi) {
+				fprintf(stderr, "\"SPI\" must be zero\n");
+				exit(1);
+			}
+			if (preferred_family == AF_UNSPEC)
+				preferred_family = req.xspi.info.family;
+		}
+		argc--; argv++;
+	}
+
+	if (!idp) {
+		fprintf(stderr, "Not enough information: \"ID\" is required\n");
+		exit(1);
+	}
+
+	if (minp) {
+		if (!maxp) {
+			fprintf(stderr, "\"max\" is missing\n");
+			exit(1);
+		}
+		if (req.xspi.min > req.xspi.max) {
+			fprintf(stderr, "\"min\" valie is larger than \"max\" one\n");
+			exit(1);
+		}
+	} else {
+		if (maxp) {
+			fprintf(stderr, "\"min\" is missing\n");
+			exit(1);
+		}
+
+		/* XXX: Default value defined in PF_KEY;
+		 * See kernel's net/key/af_key.c(pfkey_getspi).
+		 */
+		req.xspi.min = 0x100;
+		req.xspi.max = 0x0fffffff;
+
+		/* XXX: IPCOMP spi is 16-bits;
+		 * See kernel's net/xfrm/xfrm_user(verify_userspi_info).
+		 */
+		if (req.xspi.info.id.proto == IPPROTO_COMP)
+			req.xspi.max = 0xffff;
+	}
+
+	if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
+		exit(1);
+
+	if (req.xspi.info.family == AF_UNSPEC)
+		req.xspi.info.family = AF_INET;
+
+
+	if (rtnl_talk(&rth, &req.n, 0, 0, res_n, NULL, NULL) < 0)
+		exit(2);
+
+	if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) {
+		fprintf(stderr, "An error :-)\n");
+		exit(1);
+	}
+
+	rtnl_close(&rth);
+
+	return 0;
+}
+
 static int xfrm_state_filter_match(struct xfrm_usersa_info *xsinfo)
 {
 	if (!filter.use)
@@ -400,18 +551,8 @@ static int xfrm_state_filter_match(struct xfrm_usersa_info *xsinfo)
 	return 1;
 }

-static int xfrm_selector_iszero(struct xfrm_selector *s)
-{
-	struct xfrm_selector s0;
-
-	memset(&s0, 0, sizeof(s0));
-
-	return (memcmp(&s0, s, sizeof(s0)) == 0);
-}
-
-static int xfrm_state_print(const struct sockaddr_nl *who,
-			    struct nlmsghdr *n,
-			    void *arg)
+int xfrm_state_print(const struct sockaddr_nl *who, struct nlmsghdr *n,
+		     void *arg)
 {
 	FILE *fp = (FILE*)arg;
 	struct xfrm_usersa_info *xsinfo = NLMSG_DATA(n);
@@ -439,35 +580,7 @@ static int xfrm_state_print(const struct sockaddr_nl *who,
 	if (n->nlmsg_type == XFRM_MSG_DELSA)
 		fprintf(fp, "Deleted ");

-	xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
-			   xsinfo->reqid, xsinfo->family, 1, fp, NULL);
-
-	fprintf(fp, "\t");
-	fprintf(fp, "replay-window %u ", xsinfo->replay_window);
-	if (show_stats > 0)
-		fprintf(fp, "seq 0x%08u ", xsinfo->seq);
-	if (show_stats > 0 || xsinfo->flags) {
-		__u8 flags = xsinfo->flags;
-
-		fprintf(fp, "flag ");
-		XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
-		XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
-		if (flags)
-			fprintf(fp, "%x", flags);
-		if (show_stats > 0)
-			fprintf(fp, " (0x%s)", strxf_mask8(flags));
-	}
-	fprintf(fp, "%s", _SL_);
-
-	xfrm_xfrma_print(tb, xsinfo->family, fp, "\t");
-
-	if (!xfrm_selector_iszero(&xsinfo->sel))
-		xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, "\tsel ");
-
-	if (show_stats > 0) {
-		xfrm_lifetime_print(&xsinfo->lft, &xsinfo->curlft, fp, "\t");
-		xfrm_stats_print(&xsinfo->stats, fp, "\t");
-	}
+	xfrm_state_info_print(xsinfo, tb, fp, NULL, NULL);

 	if (oneline)
 		fprintf(fp, "\n");
@@ -742,6 +855,8 @@ int do_xfrm_state(int argc, char **argv)
 	if (matches(*argv, "update") == 0)
 		return xfrm_state_modify(XFRM_MSG_UPDSA, 0,
 					 argc-1, argv+1);
+	if (matches(*argv, "allocspi") == 0)
+		return xfrm_state_allocspi(argc-1, argv+1);
 	if (matches(*argv, "delete") == 0 || matches(*argv, "del") == 0)
 		return xfrm_state_get_or_delete(argc-1, argv+1, 1);
 	if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0