From: Petr Vaněk <pv@excello.cz>
Date: Fri, 31 Jul 2020 07:12:59 +0000 (+0200)
Subject: ip-xfrm: add support for oseq-may-wrap extra flag
X-Git-Tag: v5.9.0~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7f1974f6e319ff733d7c9c6d1d1ad7a289e9d58;p=thirdparty%2Fiproute2.git

ip-xfrm: add support for oseq-may-wrap extra flag

This flag allows to create SA where sequence number can cycle in
outbound packets if set.

Signed-off-by: Petr Vaněk <pv@excello.cz>
Signed-off-by: David Ahern <dsahern@kernel.org>
---

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index fec206abc..cac8ba250 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -953,6 +953,9 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 		XFRM_FLAG_PRINT(fp, extra_flags,
 				XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
 				"dont-encap-dscp");
+		XFRM_FLAG_PRINT(fp, extra_flags,
+				XFRM_SA_XFLAG_OSEQ_MAY_WRAP,
+				"oseq-may-wrap");
 		if (extra_flags)
 			fprintf(fp, "%x", extra_flags);
 	}
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index f4bf3356b..ddf784cad 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -104,7 +104,7 @@ static void usage(void)
 		"FLAG-LIST := [ FLAG-LIST ] FLAG\n"
 		"FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn\n"
 		"EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n"
-		"EXTRA-FLAG := dont-encap-dscp\n"
+		"EXTRA-FLAG := dont-encap-dscp | oseq-may-wrap\n"
 		"SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n"
 		"UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ dport PORT ] |\n"
 		"                  { icmp | ipv6-icmp | mobility-header } [ type NUMBER ] [ code NUMBER ] |\n"
@@ -253,6 +253,8 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a
 		while (1) {
 			if (strcmp(*argv, "dont-encap-dscp") == 0)
 				*extra_flags |= XFRM_SA_XFLAG_DONT_ENCAP_DSCP;
+			else if (strcmp(*argv, "oseq-may-wrap") == 0)
+				*extra_flags |= XFRM_SA_XFLAG_OSEQ_MAY_WRAP;
 			else {
 				PREV_ARG(); /* back track */
 				break;
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index aa28db499..4fa316511 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -217,7 +217,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR EXTRA-FLAG " := "
-.B dont-encap-dscp
+.BR dont-encap-dscp " | " oseq-may-wrap
 
 .ti -8
 .BR "ip xfrm policy" " { " add " | " update " }"