From b0312111114ed805f84b1e96d73f468e3a372025 Mon Sep 17 00:00:00 2001

From: Andrea Claudi <aclaudi@redhat.com>

Date: Fri, 5 Jun 2020 15:42:49 +0200

Subject: [PATCH] ip: xfrm: add espintcp encapsulation

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844045

Upstream Status: iproute2.git commit 22aec42679d57

commit 22aec42679d57b8e0aef864c4d45feadb727c3ce

Author: Sabrina Dubroca <sd@queasysnail.net>

Date:   Sun Jan 19 11:32:09 2020 +0100

    ip: xfrm: add espintcp encapsulation

    While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use

    the UAPI macros for encap_type as suggested by David Ahern, and add the

    UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP

    definition).

    Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au>

    Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>

    Signed-off-by: David Ahern <dsahern@gmail.com>

---

 ip/ipxfrm.c        | 14 ++++++++++----

 ip/xfrm_state.c    |  2 +-

 man/man8/ip-xfrm.8 |  4 ++--

 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c

index 32f560933a477..fec206abc1f03 100644

--- a/ip/ipxfrm.c

+++ b/ip/ipxfrm.c

@@ -34,6 +34,7 @@

 #include <netdb.h>

 #include <linux/netlink.h>

 #include <linux/rtnetlink.h>

+#include <linux/udp.h>

 #include "utils.h"

 #include "xfrm.h"

@@ -753,12 +754,15 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,

 		fprintf(fp, "type ");

 		switch (e->encap_type) {

-		case 1:

+		case UDP_ENCAP_ESPINUDP_NON_IKE:

 			fprintf(fp, "espinudp-nonike ");

 			break;

-		case 2:

+		case UDP_ENCAP_ESPINUDP:

 			fprintf(fp, "espinudp ");

 			break;

+		case TCP_ENCAP_ESPINTCP:

+			fprintf(fp, "espintcp ");

+			break;

 		default:

 			fprintf(fp, "%u ", e->encap_type);

 			break;

@@ -1208,9 +1212,11 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)

 	char **argv = *argvp;

 	if (strcmp(*argv, "espinudp-nonike") == 0)

-		*type = 1;

+		*type = UDP_ENCAP_ESPINUDP_NON_IKE;

 	else if (strcmp(*argv, "espinudp") == 0)

-		*type = 2;

+		*type = UDP_ENCAP_ESPINUDP;

+	else if (strcmp(*argv, "espintcp") == 0)

+		*type = TCP_ENCAP_ESPINTCP;

 	else

 		invarg("ENCAP-TYPE value is invalid", *argv);

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c

index 44f08ceed24dd..f4bf3356bb01f 100644

--- a/ip/xfrm_state.c

+++ b/ip/xfrm_state.c

@@ -112,7 +112,7 @@ static void usage(void)

 		"LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n"

 		"LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n"

 		"         { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n"

-		"ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n"

+		"ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n"

 		"DIR := in | out\n");

 	exit(-1);

diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8

index cfce1e40b7f7d..f99f30bb448a6 100644

--- a/man/man8/ip-xfrm.8

+++ b/man/man8/ip-xfrm.8

@@ -207,7 +207,7 @@ ip-xfrm \- transform configuration

 .ti -8

 .IR ENCAP " :="

-.RB "{ " espinudp " | " espinudp-nonike " }"

+.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }"

 .IR SPORT " " DPORT " " OADDR

 .ti -8

@@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets.

 .TP

 .I ENCAP

 encapsulates packets with protocol

-.BR espinudp " or " espinudp-nonike ","

+.BR espinudp ", " espinudp-nonike ", or " espintcp ","

 .RI "using source port " SPORT ", destination port "  DPORT

 .RI ", and original address " OADDR "."

-- 

2.26.2