ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies

The XFRMA_IF_ID attribute is set in policies/states for them to be
associated with an XFRM interface (4.19+).

Add support for setting / displaying this attribute.

Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
was provided in command line.

Tested-by: Antony Antony <antony@phenome.org>
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index b153b863569bb813cd1b44a21a9a6b365ee254f2..32f560933a47767ef87d51fe970f025f303af299 100644 (file)
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -891,6 +891,14 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
                        (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
                fprintf(fp, "%s", _SL_);
        }
+       if (tb[XFRMA_IF_ID]) {
+               __u32 if_id = rta_getattr_u32(tb[XFRMA_IF_ID]);
+
+               if (prefix)
+                       fputs(prefix, fp);
+               fprintf(fp, "if_id %#x", if_id);
+               fprintf(fp, "%s", _SL_);
+       }
 }
 
 static int xfrm_selector_iszero(struct xfrm_selector *s)

diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index feccaadac2db1eedd9dbcb1dab3bc3ca15f8165c..4a63e9ab602d7a954a01f6cb64d55929d7f555c7 100644 (file)
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -55,7 +55,7 @@ static void usage(void)
        fprintf(stderr, "Usage: ip xfrm policy { add | update } SELECTOR dir DIR [ ctx CTX ]\n");
        fprintf(stderr, "        [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n");
        fprintf(stderr, "        [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n");
-       fprintf(stderr, "        [ LIMIT-LIST ] [ TMPL-LIST ]\n");
+       fprintf(stderr, "        [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n");
        fprintf(stderr, "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n");
        fprintf(stderr, "        [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n");
        fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ nosock ] [ SELECTOR ] [ dir DIR ]\n");
@@ -270,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
                struct xfrm_user_sec_ctx sctx;
                char    str[CTX_BUF_SIZE];
        } ctx = {};
+       bool is_if_id_set = false;
+       __u32 if_id = 0;
 
        while (argc > 0) {
                if (strcmp(*argv, "dir") == 0) {
@@ -338,6 +340,11 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
                        xfrm_tmpl_parse(tmpl, &argc, &argv);
 
                        tmpls_len += sizeof(*tmpl);
+               } else if (strcmp(*argv, "if_id") == 0) {
+                       NEXT_ARG();
+                       if (get_u32(&if_id, *argv, 0))
+                               invarg("IF_ID value is invalid", *argv);
+                       is_if_id_set = true;
                } else {
                        if (selp)
                                duparg("unknown", *argv);
@@ -380,6 +387,9 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
                          (void *)&ctx, ctx.sctx.len);
        }
 
+       if (is_if_id_set)
+               addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
+
        if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
                exit(1);
 

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 09292da9a220978193f9ccaa04cb7ef0d09da432..9360143756016ca2562797059234eb9b9bebf040 100644 (file)
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -62,6 +62,7 @@ static void usage(void)
        fprintf(stderr, "        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
        fprintf(stderr, "        [ offload [dev DEV] dir DIR ]\n");
        fprintf(stderr, "        [ output-mark OUTPUT-MARK ]\n");
++      fprintf(stderr, "        [ if_id IF_ID ]\n");
        fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n");
        fprintf(stderr, "        [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n");
        fprintf(stderr, "Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n");
@@ -326,6 +327,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
                char    str[CTX_BUF_SIZE];
        } ctx = {};
        __u32 output_mark = 0;
+       bool is_if_id_set = false;
+       __u32 if_id = 0;
 
        while (argc > 0) {
                if (strcmp(*argv, "mode") == 0) {
@@ -445,6 +448,11 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
                        NEXT_ARG();
                        if (get_u32(&output_mark, *argv, 0))
                                invarg("value after \"output-mark\" is invalid", *argv);
+               } else if (strcmp(*argv, "if_id") == 0) {
+                       NEXT_ARG();
+                       if (get_u32(&if_id, *argv, 0))
+                               invarg("value after \"if_id\" is invalid", *argv);
+                       is_if_id_set = true;
                } else {
                        /* try to assume ALGO */
                        int type = xfrm_algotype_getbyname(*argv);
@@ -627,6 +635,9 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
                }
        }
 
+       if (is_if_id_set)
+               addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
+
        if (xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) {
                switch (req.xsinfo.mode) {
                case XFRM_MODE_TRANSPORT: