__u8 action_mask;
__u32 priority_mask;
__u8 policy_flags_mask;
+ __u8 filter_socket;
__u8 ptype;
__u8 ptype_mask;
fprintf(stderr, " [ LIMIT-LIST ] [ TMPL-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n");
fprintf(stderr, " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n");
- fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ SELECTOR ] [ dir DIR ]\n");
+ fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ nosock ] [ SELECTOR ] [ dir DIR ]\n");
fprintf(stderr, " [ index INDEX ] [ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ]\n");
fprintf(stderr, " [ flag FLAG-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy flush [ ptype PTYPE ]\n");
if ((xpinfo->dir^filter.xpinfo.dir)&filter.dir_mask)
return 0;
+ if (filter.filter_socket && (xpinfo->dir >= XFRM_POLICY_MAX))
+ return 0;
+
if ((ptype^filter.ptype)&filter.ptype_mask)
return 0;
if (!xfrm_policy_filter_match(xpinfo, ptype))
return 0;
+ /* can't delete socket policies */
+ if (xpinfo->dir >= XFRM_POLICY_MAX)
+ return 0;
+
if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size)
return 0;
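Review bot: The unconditional `xpinfo->dir >= XFRM_POLICY_MAX` skip added here means socket policies are left in place on this path whether or not `nosock` was given, while the usage text now advertises `[ nosock ]` for both `deleteall` and `list`. The comment should say so, for example `/* socket policies can't be deleted here; they are skipped with or without nosock */`. The same predicate is spelled out a second time in the filter hunk above (`filter.filter_socket && ...`), so a small static helper with a descriptive name would keep the two checks in step. The enclosing function starts and ends outside this hunk, so this assumes it is the deleteall keep callback.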
xpid->dir = xpinfo->dir;
xpid->index = xpinfo->index;
+ if (tb[XFRMA_MARK]) {
+ int r = addattr_l(new_n, xb->size, XFRMA_MARK,
+ (void *)RTA_DATA(tb[XFRMA_MARK]), tb[XFRMA_MARK]->rta_len);
+ if (r < 0) {
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
+ exit(1);
+ }
+ }
+
xb->offset += new_n->nlmsg_len;
xb->nlmsg_count++;
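Review bot: The length handed to `addattr_l` is `tb[XFRMA_MARK]->rta_len`, which counts the `struct rtattr` header as well as the payload, while the data pointer is already `RTA_DATA(...)`. The copy therefore reads past the end of the mark payload and emits an oversized XFRMA_MARK attribute; pass the payload length instead, `(void *)RTA_DATA(tb[XFRMA_MARK]), RTA_PAYLOAD(tb[XFRMA_MARK]));`. The state hunk further down repeats the same call after `parse_rtattr` and needs the same change. Separately, the space check before this block reserves only `NLMSG_LENGTH(sizeof(*xpid))`, and `addattr_l` is given the whole `xb->size` as its limit. If `new_n` sits at `xb->offset` inside the buffer (its assignment is outside the hunk), the appended attribute is not bounded by the space actually left, so the check should also cover the attribute's `RTA_SPACE`.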
filter.policy_flags_mask = XFRM_FILTER_MASK_FULL;
+ } else if (strcmp(*argv, "nosock") == 0) {
+ /* filter all socket-based policies */
+ filter.filter_socket = 1;
} else {
if (selp)
invarg("unknown", *argv);
int len = n->nlmsg_len;
struct nlmsghdr *new_n;
struct xfrm_usersa_id *xsid;
+ struct rtattr *tb[XFRMA_MAX+1];
if (n->nlmsg_type != XFRM_MSG_NEWSA) {
fprintf(stderr, "Not a state: %08x %08x %08x\n",
addattr_l(new_n, xb->size, XFRMA_SRCADDR, &xsinfo->saddr,
sizeof(xsid->daddr));
+ parse_rtattr(tb, XFRMA_MAX, XFRMS_RTA(xsinfo), len);
+
+ if (tb[XFRMA_MARK]) {
+ int r = addattr_l(new_n, xb->size, XFRMA_MARK,
+ (void *)RTA_DATA(tb[XFRMA_MARK]), tb[XFRMA_MARK]->rta_len);
+ if (r < 0) {
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
+ exit(1);
+ }
+ }
+
xb->offset += new_n->nlmsg_len;
xb->nlmsg_count++;
#include <unistd.h>
#include <syslog.h>
#include <fcntl.h>
+#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
*/
#define MAX_DIST (16*1024)
-static const double max_percent_value = 0xffffffff;
-
/* scaled value used to percent of maximum. */
static void set_percent(__u32 *percent, double per)
{
- *percent = (unsigned int) rint(per * max_percent_value);
+ *percent = rint(per * UINT32_MAX);
}
-
/* Parse either a fraction '.3' or percent '30%
* return: 0 = ok, -1 = error, 1 = out of range
*/
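Review bot: With the explicit cast removed, `set_percent` converts the `double` from `rint()` to `__u32` implicitly, and that conversion remains undefined when the value is negative or greater than `UINT32_MAX`. The range check presumably lives in the percent parser whose comment follows (it documents a return of 1 for out of range), but that code is outside this hunk. Stating the precondition on the helper would keep it true for other callers: `/* per must be within [0.0, 1.0]; callers range-check before calling */`.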
static void print_percent(char *buf, int len, __u32 per)
{
- snprintf(buf, len, "%g%%", 100. * (double) per / max_percent_value);
+ snprintf(buf, len, "%g%%", (100. * per) / UINT32_MAX);
}
static char *sprint_percent(__u32 per, char *buf)
/* netem option is "1-h" but kernel
* expects "h".
*/
- gemodel.h = max_percent_value - gemodel.h;
+ gemodel.h = UINT32_MAX - gemodel.h;
if (!NEXT_IS_NUMBER())
continue;
fprintf(f, " loss gemodel p %s",
sprint_percent(gemodel->p, b1));
fprintf(f, " r %s", sprint_percent(gemodel->r, b1));
- fprintf(f, " 1-h %s", sprint_percent(max_percent_value -
+ fprintf(f, " 1-h %s", sprint_percent(UINT32_MAX -
gemodel->h, b1));
fprintf(f, " 1-k %s", sprint_percent(gemodel->k1, b1));
}