[PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag

Fri, 31 Jul 2020 00:20:43 -0700 

This flag allows to create SA where sequence number can cycle in
outbound packets if set.

Signed-off-by: Petr Vaněk <p...@excello.cz>
---
 include/uapi/linux/xfrm.h | 1 +
 ip/ipxfrm.c               | 3 +++
 ip/xfrm_state.c           | 4 +++-
 man/man8/ip-xfrm.8        | 2 +-
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 50450f3f..6dfb3c85 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -387,6 +387,7 @@ struct xfrm_usersa_info {
 };
 
 #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP  1
+#define XFRM_SA_XFLAG_OSEQ_MAY_WRAP    2
 
 struct xfrm_usersa_id {
        xfrm_address_t                  daddr;
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index fec206ab..cac8ba25 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -953,6 +953,9 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
                XFRM_FLAG_PRINT(fp, extra_flags,
                                XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
                                "dont-encap-dscp");
+               XFRM_FLAG_PRINT(fp, extra_flags,
+                               XFRM_SA_XFLAG_OSEQ_MAY_WRAP,
+                               "oseq-may-wrap");
                if (extra_flags)
                        fprintf(fp, "%x", extra_flags);
        }
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index f4bf3356..ddf784ca 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -104,7 +104,7 @@ static void usage(void)
                "FLAG-LIST := [ FLAG-LIST ] FLAG\n"
                "FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | 
af-unspec | align4 | esn\n"
                "EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n"
-               "EXTRA-FLAG := dont-encap-dscp\n"
+               "EXTRA-FLAG := dont-encap-dscp | oseq-may-wrap\n"
                "SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV 
] [ UPSPEC ]\n"
                "UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ 
dport PORT ] |\n"
                "                  { icmp | ipv6-icmp | mobility-header } [ 
type NUMBER ] [ code NUMBER ] |\n"
@@ -253,6 +253,8 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, 
int *argcp, char ***a
                while (1) {
                        if (strcmp(*argv, "dont-encap-dscp") == 0)
                                *extra_flags |= XFRM_SA_XFLAG_DONT_ENCAP_DSCP;
+                       else if (strcmp(*argv, "oseq-may-wrap") == 0)
+                               *extra_flags |= XFRM_SA_XFLAG_OSEQ_MAY_WRAP;
                        else {
                                PREV_ARG(); /* back track */
                                break;
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index aa28db49..4fa31651 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -217,7 +217,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR EXTRA-FLAG " := "
-.B dont-encap-dscp
+.BR dont-encap-dscp " | " oseq-may-wrap
 
 .ti -8
 .BR "ip xfrm policy" " { " add " | " update " }"
-- 
2.26.2

Reply via email to