|
 |
7e752c |
From 2f95b860ca09f8dc798204514b06b69cdfa0bd61 Mon Sep 17 00:00:00 2001
|
|
|
7e752c |
From: Andrea Claudi <aclaudi@redhat.com>
|
|
|
7e752c |
Date: Fri, 14 Jun 2019 11:04:17 +0200
|
|
|
7e752c |
Subject: [PATCH] ip-xfrm: Respect family in deleteall and list commands
|
|
|
7e752c |
|
|
|
7e752c |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1656717
|
|
|
7e752c |
Upstream Status: iproute2.git commit cd21ae40130b4
|
|
|
7e752c |
Conflicts: on ip xfrm manpage due to missing commit a6af9f2e6195d
|
|
|
7e752c |
("xfrm: add option to hide keys in state output")
|
|
|
7e752c |
|
|
|
7e752c |
commit cd21ae40130b4d1ddb3ef500800840e35e7bfad1
|
|
|
7e752c |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
7e752c |
Date: Mon May 6 19:09:56 2019 +0200
|
|
|
7e752c |
|
|
|
7e752c |
ip-xfrm: Respect family in deleteall and list commands
|
|
|
7e752c |
|
|
|
7e752c |
Allow to limit 'ip xfrm {state|policy} list' output to a certain address
|
|
|
7e752c |
family and to delete all states/policies by family.
|
|
|
7e752c |
|
|
|
7e752c |
Although preferred_family was already set in filters, the filter
|
|
|
7e752c |
function ignored it. To enable filtering despite the lack of other
|
|
|
7e752c |
selectors, filter.use has to be set if family is not AF_UNSPEC.
|
|
|
7e752c |
|
|
|
7e752c |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
7e752c |
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
|
7e752c |
---
|
|
|
7e752c |
ip/xfrm_policy.c | 6 +++++-
|
|
|
7e752c |
ip/xfrm_state.c | 6 +++++-
|
|
|
7e752c |
man/man8/ip-xfrm.8 | 4 ++--
|
|
|
7e752c |
3 files changed, 12 insertions(+), 4 deletions(-)
|
|
|
7e752c |
|
|
|
7e752c |
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
|
|
|
7e752c |
index d54402691ca0a..5bb3e873d2e8c 100644
|
|
|
7e752c |
--- a/ip/xfrm_policy.c
|
|
|
7e752c |
+++ b/ip/xfrm_policy.c
|
|
|
7e752c |
@@ -400,6 +400,10 @@ static int xfrm_policy_filter_match(struct xfrm_userpolicy_info *xpinfo,
|
|
|
7e752c |
if (!filter.use)
|
|
|
7e752c |
return 1;
|
|
|
7e752c |
|
|
|
7e752c |
+ if (filter.xpinfo.sel.family != AF_UNSPEC &&
|
|
|
7e752c |
+ filter.xpinfo.sel.family != xpinfo->sel.family)
|
|
|
7e752c |
+ return 0;
|
|
|
7e752c |
+
|
|
|
7e752c |
if ((xpinfo->dir^filter.xpinfo.dir)&filter.dir_mask)
|
|
|
7e752c |
return 0;
|
|
|
7e752c |
|
|
|
7e752c |
@@ -773,7 +777,7 @@ static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall)
|
|
|
7e752c |
char *selp = NULL;
|
|
|
7e752c |
struct rtnl_handle rth;
|
|
|
7e752c |
|
|
|
7e752c |
- if (argc > 0)
|
|
|
7e752c |
+ if (argc > 0 || preferred_family != AF_UNSPEC)
|
|
|
7e752c |
filter.use = 1;
|
|
|
7e752c |
filter.xpinfo.sel.family = preferred_family;
|
|
|
7e752c |
|
|
|
7e752c |
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
|
|
|
7e752c |
index 85d959cc4f44f..2441959e98992 100644
|
|
|
7e752c |
--- a/ip/xfrm_state.c
|
|
|
7e752c |
+++ b/ip/xfrm_state.c
|
|
|
7e752c |
@@ -876,6 +876,10 @@ static int xfrm_state_filter_match(struct xfrm_usersa_info *xsinfo)
|
|
|
7e752c |
if (!filter.use)
|
|
|
7e752c |
return 1;
|
|
|
7e752c |
|
|
|
7e752c |
+ if (filter.xsinfo.family != AF_UNSPEC &&
|
|
|
7e752c |
+ filter.xsinfo.family != xsinfo->family)
|
|
|
7e752c |
+ return 0;
|
|
|
7e752c |
+
|
|
|
7e752c |
if (filter.id_src_mask)
|
|
|
7e752c |
if (xfrm_addr_match(&xsinfo->saddr, &filter.xsinfo.saddr,
|
|
|
7e752c |
filter.id_src_mask))
|
|
|
7e752c |
@@ -1140,7 +1144,7 @@ static int xfrm_state_list_or_deleteall(int argc, char **argv, int deleteall)
|
|
|
7e752c |
char *idp = NULL;
|
|
|
7e752c |
struct rtnl_handle rth;
|
|
|
7e752c |
|
|
|
7e752c |
- if (argc > 0)
|
|
|
7e752c |
+ if (argc > 0 || preferred_family != AF_UNSPEC)
|
|
|
7e752c |
filter.use = 1;
|
|
|
7e752c |
filter.xsinfo.family = preferred_family;
|
|
|
7e752c |
|
|
|
7e752c |
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
|
|
|
7e752c |
index 988cc6aa61d14..d5b9f083147c4 100644
|
|
|
7e752c |
--- a/man/man8/ip-xfrm.8
|
|
|
7e752c |
+++ b/man/man8/ip-xfrm.8
|
|
|
7e752c |
@@ -87,7 +87,7 @@ ip-xfrm \- transform configuration
|
|
|
7e752c |
.IR MASK " ] ]"
|
|
|
7e752c |
|
|
|
7e752c |
.ti -8
|
|
|
7e752c |
-.BR "ip xfrm state" " { " deleteall " | " list " } ["
|
|
|
7e752c |
+.BR ip " [ " -4 " | " -6 " ] " "xfrm state" " { " deleteall " | " list " } ["
|
|
|
7e752c |
.IR ID " ]"
|
|
|
7e752c |
.RB "[ " mode
|
|
|
7e752c |
.IR MODE " ]"
|
|
|
7e752c |
@@ -244,7 +244,7 @@ ip-xfrm \- transform configuration
|
|
|
7e752c |
.IR PTYPE " ]"
|
|
|
7e752c |
|
|
|
7e752c |
.ti -8
|
|
|
7e752c |
-.BR "ip xfrm policy" " { " deleteall " | " list " }"
|
|
|
7e752c |
+.BR ip " [ " -4 " | " -6 " ] " "xfrm policy" " { " deleteall " | " list " }"
|
|
|
7e752c |
.RB "[ " nosock " ]"
|
|
|
7e752c |
.RI "[ " SELECTOR " ]"
|
|
|
7e752c |
.RB "[ " dir
|
|
|
7e752c |
--
|
|
|
7e752c |
2.20.1
|
|
|
7e752c |
|