The XFRMA_SET_MARK_MASK attribute is set in states (4.19+). It is the mask of XFRMA_SET_MARK (a.k.a. XFRMA_OUTPUT_MARK in 4.18).
sample output: note the output-mark mask ip xfrm state src 192.1.2.23 dst 192.1.3.33 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec output-mark 0x3/0xffffff aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 if_id 0x1 Signed-off-by: Antony Antony <ant...@phenome.org> --- ip/ipxfrm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index cac8ba25..e4a72bd0 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -649,6 +649,10 @@ static void xfrm_output_mark_print(struct rtattr *tb[], FILE *fp) __u32 output_mark = rta_getattr_u32(tb[XFRMA_OUTPUT_MARK]); fprintf(fp, "output-mark 0x%x", output_mark); + if (tb[XFRMA_SET_MARK_MASK]) { + __u32 mask = rta_getattr_u32(tb[XFRMA_SET_MARK_MASK]); + fprintf(fp, "/0x%x", mask); + } } int xfrm_parse_mark(struct xfrm_mark *mark, int *argcp, char ***argvp) -- 2.21.3
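Review bot: The `/0x%x` suffix added in xfrm_output_mark_print() changes the printed form of output-mark from a bare value to mark/mask, but the diffstat shows only ip/ipxfrm.c with 4 insertions, so nothing in this patch documents the new form. Please say in the commit message, or in a companion change, whether `output-mark 0x3/0xffffff` is also accepted on input, since people commonly copy `ip xfrm state` output back into a command line, and update the man page and usage text to match. The mask is also printed whenever tb[XFRMA_SET_MARK_MASK] is present, whatever its value, so if the kernel sends the attribute with an all-ones mask, existing output gains a suffix that scripts parsing it may not expect. It is worth stating whether that is intended. On style, the declaration `__u32 mask = rta_getattr_u32(tb[XFRMA_SET_MARK_MASK]);` is followed directly by the fprintf() call, and a blank line after the declaration would match the usual kernel coding style. The commit message calls the attribute XFRMA_SET_MARK while the function reads tb[XFRMA_OUTPUT_MARK], so using one name throughout would make the log easier to follow.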