
[iproute2-next] ip: xfrm: add support for tfcpad

Message ID 1a3dcd1916cc4399c88315e19ab3c2d8948d28c1.1616170525.git.sd@queasysnail.net (mailing list archive)
State Accepted
Delegated to: David Ahern

Checks

Context Check Description
netdev/tree_selection success Not a local patch

Commit Message

Sabrina Dubroca March 19, 2021, 4:57 p.m. UTC
This patch adds support for setting and displaying the Traffic Flow
Confidentiality attribute for an XFRM state, which allows padding ESP
packets to a specified length.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
 ip/ipxfrm.c        |  8 ++++++++
 ip/xfrm_state.c    | 10 +++++++++-
 man/man8/ip-xfrm.8 |  2 ++
 3 files changed, 19 insertions(+), 1 deletion(-)

Comments

David Ahern March 21, 2021, 5:18 p.m. UTC | #1
On 3/19/21 10:57 AM, Sabrina Dubroca wrote:
> This patch adds support for setting and displaying the Traffic Flow
> Confidentiality attribute for an XFRM state, which allows padding ESP
> packets to a specified length.
> 
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
> ---
>  ip/ipxfrm.c        |  8 ++++++++
>  ip/xfrm_state.c    | 10 +++++++++-
>  man/man8/ip-xfrm.8 |  2 ++
>  3 files changed, 19 insertions(+), 1 deletion(-)
> 

applied to iproute2-next. Thanks,

Patch

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index e4a72bd06778..9902fdd3f58e 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -907,6 +907,14 @@  void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 		fprintf(fp, "if_id %#x", if_id);
 		fprintf(fp, "%s", _SL_);
 	}
+	if (tb[XFRMA_TFCPAD]) {
+		__u32 tfcpad = rta_getattr_u32(tb[XFRMA_TFCPAD]);
+
+		if (prefix)
+			fputs(prefix, fp);
+		fprintf(fp, "tfcpad %u", tfcpad);
+		fprintf(fp, "%s", _SL_);
+	}
 }
 
 static int xfrm_selector_iszero(struct xfrm_selector *s)
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index a4f452fa4f48..6fee7efd18c7 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -63,7 +63,7 @@  static void usage(void)
 		"        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n"
 		"        [ offload [dev DEV] dir DIR ]\n"
 		"        [ output-mark OUTPUT-MARK [ mask MASK ] ]\n"
-		"        [ if_id IF_ID ]\n"
+		"        [ if_id IF_ID ] [ tfcpad LENGTH ]\n"
 		"Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n"
 		"        [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n"
 		"Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n"
@@ -331,6 +331,7 @@  static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 	struct xfrm_mark output_mark = {0, 0};
 	bool is_if_id_set = false;
 	__u32 if_id = 0;
+	__u32 tfcpad = 0;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "mode") == 0) {
@@ -465,6 +466,10 @@  static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 			if (get_u32(&if_id, *argv, 0))
 				invarg("value after \"if_id\" is invalid", *argv);
 			is_if_id_set = true;
+		} else if (strcmp(*argv, "tfcpad") == 0) {
+			NEXT_ARG();
+			if (get_u32(&tfcpad, *argv, 0))
+				invarg("value after \"tfcpad\" is invalid", *argv);
 		} else {
 			/* try to assume ALGO */
 			int type = xfrm_algotype_getbyname(*argv);
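Review bot: The new `tfcpad` branch stores only the value, so an explicit `tfcpad 0` cannot be told apart from the option being absent, and the later `if (tfcpad)` test drops it without a message. The `if_id` branch just above records `is_if_id_set` for exactly this reason. If zero is meant to mean "no padding", a comment at the declaration would make that intentional, e.g. `/* 0 = no TFC padding, attribute is not sent */`; otherwise add an `is_tfcpad_set` flag and test that instead. A repeated `tfcpad` keyword is also accepted, with the last value silently winning. The argument loop of xfrm_state_modify starts and ends outside this hunk.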
@@ -650,6 +655,9 @@  static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 	if (is_if_id_set)
 		addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
 
+	if (tfcpad)
+		addattr32(&req.n, sizeof(req.buf), XFRMA_TFCPAD, tfcpad);
+
 	if (xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) {
 		switch (req.xsinfo.mode) {
 		case XFRM_MODE_TRANSPORT:
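Review bot: XFRMA_TFCPAD is appended for any protocol and mode, because the `if (tfcpad)` test sits before the `xfrm_xfrmproto_is_ipsec()` / mode switch and is not tied to either. As far as I recall, the kernel accepts this attribute only for ESP states in tunnel mode, which should be confirmed against the kernel-side validation. If so, an operator who asks for padding on any other state gets a bare EINVAL with no hint that the confidentiality option was the cause. A userspace check with a clear message would help, along the lines of `if (tfcpad && (req.xsinfo.id.proto != IPPROTO_ESP || req.xsinfo.mode != XFRM_MODE_TUNNEL))` followed by an error such as `"tfcpad" is only valid for ESP in tunnel mode`. The return value of `addattr32()` is ignored here as on the `XFRMA_IF_ID` line above it, so a full request buffer would omit the padding attribute silently. The rest of xfrm_state_modify lies outside the hunk.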
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index 2669b386ebca..003f6c3d1c28 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -65,6 +65,8 @@  ip-xfrm \- transform configuration
 .IR MASK " ] ]"
 .RB "[ " if_id
 .IR IF-ID " ]"
+.RB "[ " tfcpad
+.IR LENGTH " ]"
 
 .ti -8
 .B "ip xfrm state allocspi"