Hello *,
the following set of three patches tries deals with socket policies.
The first patch adresses the missing filter option for socket
polices. Especially when dealing with many of those, it is quite
cumbersome to filter them from the iproute2-output. So an option
to remove them from the output has been added.
Also when trying to deleteall policies iproute2 tries to delete
socket based policies, too. The result is an error message which
is misleading and unnecessary. So the second patch skips all
socket policies when deleteall-ing policies.
The third patch allow to deleteall policies and states even if
they have a mark. I'm not sure if the current behavior is
intended but if iproute2 finds a policy or state with a mark
it tries to delete the corresponding policy/state *without*
a mark. Also the result is an error and the policy/state is
not deleted.
All patches are rebased onto net-next.
Regards
Thomas
Thomas Egerer (3):
xfrm_policy: Add filter option for socket policies
xfrm_policy: Do not attempt to deleteall a socket policy
xfrm_{state,policy}: Allow to deleteall polices/states with marks
ip/xfrm.h | 1 +
ip/xfrm_policy.c | 21 ++++++++++++++++++++-
ip/xfrm_state.c | 12 ++++++++++++
3 files changed, 33 insertions(+), 1 deletion(-)
--
2.6.4
