From 2f95b860ca09f8dc798204514b06b69cdfa0bd61 Mon Sep 17 00:00:00 2001

From: Andrea Claudi <aclaudi@redhat.com>

Date: Fri, 14 Jun 2019 11:04:17 +0200

Subject: [PATCH] ip-xfrm: Respect family in deleteall and list commands

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1656717

Upstream Status: iproute2.git commit cd21ae40130b4

Conflicts: on ip xfrm manpage due to missing commit a6af9f2e6195d

           ("xfrm: add option to hide keys in state output")

commit cd21ae40130b4d1ddb3ef500800840e35e7bfad1

Author: Phil Sutter <phil@nwl.cc>

Date:   Mon May 6 19:09:56 2019 +0200

    ip-xfrm: Respect family in deleteall and list commands

    Allow to limit 'ip xfrm {state|policy} list' output to a certain address

    family and to delete all states/policies by family.

    Although preferred_family was already set in filters, the filter

    function ignored it. To enable filtering despite the lack of other

    selectors, filter.use has to be set if family is not AF_UNSPEC.

    Signed-off-by: Phil Sutter <phil@nwl.cc>

    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

---

 ip/xfrm_policy.c   | 6 +++++-

 ip/xfrm_state.c    | 6 +++++-

 man/man8/ip-xfrm.8 | 4 ++--

 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c

index d54402691ca0a..5bb3e873d2e8c 100644

--- a/ip/xfrm_policy.c

+++ b/ip/xfrm_policy.c

@@ -400,6 +400,10 @@ static int xfrm_policy_filter_match(struct xfrm_userpolicy_info *xpinfo,

 	if (!filter.use)

 		return 1;

+	if (filter.xpinfo.sel.family != AF_UNSPEC &&

+	    filter.xpinfo.sel.family != xpinfo->sel.family)

+		return 0;

+

 	if ((xpinfo->dir^filter.xpinfo.dir)&filter.dir_mask)

 		return 0;

@@ -773,7 +777,7 @@ static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall)

 	char *selp = NULL;

 	struct rtnl_handle rth;

-	if (argc > 0)

+	if (argc > 0 || preferred_family != AF_UNSPEC)

 		filter.use = 1;

 	filter.xpinfo.sel.family = preferred_family;

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c

index 85d959cc4f44f..2441959e98992 100644

--- a/ip/xfrm_state.c

+++ b/ip/xfrm_state.c

@@ -876,6 +876,10 @@ static int xfrm_state_filter_match(struct xfrm_usersa_info *xsinfo)

 	if (!filter.use)

 		return 1;

+	if (filter.xsinfo.family != AF_UNSPEC &&

+	    filter.xsinfo.family != xsinfo->family)

+		return 0;

+

 	if (filter.id_src_mask)

 		if (xfrm_addr_match(&xsinfo->saddr, &filter.xsinfo.saddr,

 				    filter.id_src_mask))

@@ -1140,7 +1144,7 @@ static int xfrm_state_list_or_deleteall(int argc, char **argv, int deleteall)

 	char *idp = NULL;

 	struct rtnl_handle rth;

-	if (argc > 0)

+	if (argc > 0 || preferred_family != AF_UNSPEC)

 		filter.use = 1;

 	filter.xsinfo.family = preferred_family;

diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8

index 988cc6aa61d14..d5b9f083147c4 100644

--- a/man/man8/ip-xfrm.8

+++ b/man/man8/ip-xfrm.8

@@ -87,7 +87,7 @@ ip-xfrm \- transform configuration

 .IR MASK " ] ]"

 .ti -8

-.BR "ip xfrm state" " { " deleteall " | " list " } ["

+.BR ip " [ " -4 " | " -6 " ] " "xfrm state" " { " deleteall " | " list " } ["

 .IR ID " ]"

 .RB "[ " mode

 .IR MODE " ]"

@@ -244,7 +244,7 @@ ip-xfrm \- transform configuration

 .IR PTYPE " ]"

 .ti -8

-.BR "ip xfrm policy" " { " deleteall " | " list " }"

+.BR ip " [ " -4 " | " -6 " ] " "xfrm policy" " { " deleteall " | " list " }"

 .RB "[ " nosock " ]"

 .RI "[ " SELECTOR " ]"

 .RB "[ " dir

-- 

2.20.1