On Thu, 2 Nov 2017 14:13:22 +0100
Thomas Egerer <thomas.ege...@secunet.com> wrote:
> Hello *,
>
> the following set of three patches tries deals with socket policies.
> The first patch adresses the missing filter option for socket
> polices. Especially when dealing with many of those, it is quite
> cumbersome to filter them from the iproute2-output. So an option
> to remove them from the output has been added.
> Also when trying to deleteall policies iproute2 tries to delete
> socket based policies, too. The result is an error message which
> is misleading and unnecessary. So the second patch skips all
> socket policies when deleteall-ing policies.
> The third patch allow to deleteall policies and states even if
> they have a mark. I'm not sure if the current behavior is
> intended but if iproute2 finds a policy or state with a mark
> it tries to delete the corresponding policy/state *without*
> a mark. Also the result is an error and the policy/state is
> not deleted.
> Resend with modifications as requested by Stephen.
>
> Regards
> Thomas
>
> Thomas Egerer (3):
> xfrm_policy: Add filter option for socket policies
> xfrm_policy: Do not attempt to deleteall a socket policy
> xfrm_{state,policy}: Allow to deleteall polices/states with marks
>
> ip/xfrm.h | 1 +
> ip/xfrm_policy.c | 22 +++++++++++++++++++++-
> ip/xfrm_state.c | 13 +++++++++++++
> 3 files changed, 35 insertions(+), 1 deletion(-)
>
Applied.
