proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-12-08 03:28:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ipxfrm: allow to setup filter when dumping SA

Browse Source 
It's now possible to filter SA directly into the kernel by specifying
XFRMA_PROTO and/or XFRMA_ADDRESS_FILTER.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This commit is contained in:
Nicolas Dichtel 2014-03-21 11:02:43 +01:00 committed by Stephen Hemminger
parent 53e16e395b
commit f687d73c96
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ip/xfrm_state.c
View File

@ -1136,7 +1136,30 @@ static int xfrm_state_list_or_deleteall(int argc, char **argv, int deleteall)
} }
} else { } else {
if (rtnl_wilddump_request(&rth, preferred_family, XFRM_MSG_GETSA) < 0) { struct xfrm_address_filter addrfilter = {
.saddr = filter.xsinfo.saddr,
.daddr = filter.xsinfo.id.daddr,
.family = filter.xsinfo.family,
.splen = filter.id_src_mask,
.dplen = filter.id_dst_mask,
};
struct {
struct nlmsghdr n;
char buf[NLMSG_BUF_SIZE];
} req = {
.n.nlmsg_len = NLMSG_HDRLEN,
.n.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
.n.nlmsg_type = XFRM_MSG_GETSA,
.n.nlmsg_seq = rth.dump = ++rth.seq,
};
if (filter.xsinfo.id.proto)
addattr8(&req.n, sizeof(req), XFRMA_PROTO,
filter.xsinfo.id.proto);
addattr_l(&req.n, sizeof(req), XFRMA_ADDRESS_FILTER,
&addrfilter, sizeof(addrfilter));
if (rtnl_send(&rth, (void *)&req, req.n.nlmsg_len) < 0) {
perror("Cannot send dump request"); perror("Cannot send dump request");
exit(1); exit(1);
} }