ip: xfrm: add espintcp encapsulation

While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use
the UAPI macros for encap_type as suggested by David Ahern, and add the
UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP
definition).

Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David Ahern <dsahern@gmail.com>

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 32f560933a47767ef87d51fe970f025f303af299..fec206abc1f03c40e21e2482a52d987535316a46 100644 (file)
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -34,6 +34,7 @@
 #include <netdb.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
+#include <linux/udp.h>
 
 #include "utils.h"
 #include "xfrm.h"
@@ -753,12 +754,15 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 
                fprintf(fp, "type ");
                switch (e->encap_type) {
-               case 1:
+               case UDP_ENCAP_ESPINUDP_NON_IKE:
                        fprintf(fp, "espinudp-nonike ");
                        break;
-               case 2:
+               case UDP_ENCAP_ESPINUDP:
                        fprintf(fp, "espinudp ");
                        break;
+               case TCP_ENCAP_ESPINTCP:
+                       fprintf(fp, "espintcp ");
+                       break;
                default:
                        fprintf(fp, "%u ", e->encap_type);
                        break;
@@ -1208,9 +1212,11 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
        char **argv = *argvp;
 
        if (strcmp(*argv, "espinudp-nonike") == 0)
-               *type = 1;
+               *type = UDP_ENCAP_ESPINUDP_NON_IKE;
        else if (strcmp(*argv, "espinudp") == 0)
-               *type = 2;
+               *type = UDP_ENCAP_ESPINUDP;
+       else if (strcmp(*argv, "espintcp") == 0)
+               *type = TCP_ENCAP_ESPINTCP;
        else
                invarg("ENCAP-TYPE value is invalid", *argv);
 

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index b03ccc5807e900d82ced4d92d00661e845fc6cf9..df2d50c3843bd58f22e29ed3f0c0bc052911a52d 100644 (file)
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -130,7 +130,7 @@ static void usage(void)
                "LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n"
                "LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n"
                "         { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n"
-               "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n"
+               "ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n"
                "DIR := in | out\n");
 
        exit(-1);

diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index cfce1e40b7f7dc3ae779013bd40d7f55d4390cd6..f99f30bb448a62f03b6e0961fa90fe318e7c4e61 100644 (file)
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -207,7 +207,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR ENCAP " :="
-.RB "{ " espinudp " | " espinudp-nonike " }"
+.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }"
 .IR SPORT " " DPORT " " OADDR
 
 .ti -8
@@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets.
 .TP
 .I ENCAP
 encapsulates packets with protocol
-.BR espinudp " or " espinudp-nonike ","
+.BR espinudp ", " espinudp-nonike ", or " espintcp ","
 .RI "using source port " SPORT ", destination port "  DPORT
 .RI ", and original address " OADDR "."