ip: eesp support part 1

2025-04-16 12:50:04 +02:00
parent 131810fb26
commit 6eeb9fe261
4 changed files with 35 additions and 6 deletions
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -67,10 +67,12 @@ int xfrm_addr_match(xfrm_address_t *x1, xfrm_address_t *x2, int bits)
 	return 0;
 }

+#define IPPROTO_EESP 150
 int xfrm_xfrmproto_is_ipsec(__u8 proto)
 {
-	return (proto ==  IPPROTO_ESP ||
-		proto ==  IPPROTO_AH  ||
+	return (proto ==  IPPROTO_ESP  ||
+		proto ==  IPPROTO_EESP ||
+		proto ==  IPPROTO_AH   ||
 		proto ==  IPPROTO_COMP);
 }

@@ -86,9 +88,9 @@ struct typeent {
 };

 static const struct typeent xfrmproto_types[] = {
-	{ "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH }, { "comp", IPPROTO_COMP },
-	{ "route2", IPPROTO_ROUTING }, { "hao", IPPROTO_DSTOPTS },
-	{ "ipsec-any", IPSEC_PROTO_ANY },
+	{ "esp", IPPROTO_ESP }, {"eesp", IPPROTO_EESP }, { "ah", IPPROTO_AH },
+	{ "comp", IPPROTO_COMP }, { "route2", IPPROTO_ROUTING },
+	{ "hao", IPPROTO_DSTOPTS }, { "ipsec-any", IPSEC_PROTO_ANY },
 	{ NULL, -1 }
 };

--- a/ip/tunnel.c
+++ b/ip/tunnel.c
@@ -25,6 +25,7 @@
 #include "tunnel.h"
 #include "json_print.h"

+#define IPPROTO_EESP 150
 const char *tnl_strproto(__u8 proto)
 {
 	switch (proto) {
@@ -36,6 +37,8 @@ const char *tnl_strproto(__u8 proto)
 		return "ipv6";
 	case IPPROTO_ESP:
 		return "esp";
+	case IPPROTO_EESP:
+		return "eesp";
 	case IPPROTO_MPLS:
 		return "mpls";
 	case 0:
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -69,9 +69,11 @@ static void usage(void)
 		"TMPL := ID [ mode MODE ] [ reqid REQID ] [ level LEVEL ]\n"
 		"ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]\n"
 		"XFRM-PROTO := ");
+	#define IPPROTO_EESP 150
 	fprintf(stderr,
 		"%s | %s | %s | %s | %s\n",
 		strxf_xfrmproto(IPPROTO_ESP),
+		strxf_xfrmproto(IPPROTO_EESP),
 		strxf_xfrmproto(IPPROTO_AH),
 		strxf_xfrmproto(IPPROTO_COMP),
 		strxf_xfrmproto(IPPROTO_ROUTING),
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -59,9 +59,11 @@ static void usage(void)
 		"Usage: ip xfrm state count\n"
 		"ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]\n"
 		"XFRM-PROTO := ");
+	# define IPPROTO_EESP 150
 	fprintf(stderr,
-		"%s | %s | %s | %s | %s\n",
+		"%s | %s | %s | %s | %s | %s\n",
 		strxf_xfrmproto(IPPROTO_ESP),
+		strxf_xfrmproto(IPPROTO_EESP),
 		strxf_xfrmproto(IPPROTO_AH),
 		strxf_xfrmproto(IPPROTO_COMP),
 		strxf_xfrmproto(IPPROTO_ROUTING),
@@ -679,6 +681,26 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 				exit(1);
 			}
 			break;
+		case IPPROTO_EESP:
+			if (calgop) {
+				fprintf(stderr, "ALGO-TYPE value \"%s\" is invalid with XFRM-PROTO value \"%s\"\n",
+					strxf_algotype(XFRMA_ALG_COMP),
+					strxf_xfrmproto(req.xsinfo.id.proto));
+				exit(1);
+			}
+			if (ealgop) {
+				fprintf(stderr, "ALGO-TYPE value \"%s\" is invalid with XFRM-PROTO value \"%s\"\n",
+					strxf_algotype(XFRMA_ALG_CRYPT),
+					strxf_xfrmproto(req.xsinfo.id.proto));
+				exit(1);
+			}
+			if (!aeadop) {
+				fprintf(stderr, "ALGO-TYPE value \"%s\" is required with XFRM-PROTO value \"%s\"\n",
+					strxf_algotype(XFRMA_ALG_AEAD),
+					strxf_xfrmproto(req.xsinfo.id.proto));
+				exit(1);
+			}
+			break;
 		case IPPROTO_AH:
 			if (ealgop || aeadop || calgop) {
 				fprintf(stderr, "ALGO-TYPE values \"%s\", \"%s\", and \"%s\" are invalid with XFRM-PROTO value \"%s\"\n",