On Mon, 29 Apr 2019 14:24:24 +0200
Phil Sutter <p...@nwl.cc> wrote:
> Allow to limit 'ip xfrm {state|policy} list' output to a certain address
> family and to delete all states/policies by family.
>
> Although preferred_family was already set in filters, the filter
> function ignored it. To enable filtering despite the lack of other
> selectors, filter.use has to be set if family is not AF_UNSPEC.
>
> Signed-off-by: Phil Sutter <p...@nwl.cc>
> ---
> ip/xfrm_policy.c | 6 +++++-
> ip/xfrm_state.c | 6 +++++-
> man/man8/ip-xfrm.8 | 6 +++---
> 3 files changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
> index 4a63e9ab602d7..c6dfe836c5374 100644
> --- a/ip/xfrm_policy.c
> +++ b/ip/xfrm_policy.c
> @@ -410,6 +410,10 @@ static int xfrm_policy_filter_match(struct
> xfrm_userpolicy_info *xpinfo,
> if (!filter.use)
> return 1;
>
> + if (filter.xpinfo.sel.family != AF_UNSPEC &&
> + filter.xpinfo.sel.family != xpinfo->sel.family)
> + return 0;
> +
> if ((xpinfo->dir^filter.xpinfo.dir)&filter.dir_mask)
> return 0;
>
WARNING: suspect code indent for conditional statements (8, 24)
#68: FILE: ip/xfrm_policy.c:413:
+ if (filter.xpinfo.sel.family != AF_UNSPEC &&
[...]
+ return 0;
total: 0 errors, 1 warnings, 60 lines checked
