From bd641cd661527469a9d15c0fa09f19d017c2299f Mon Sep 17 00:00:00 2001 From: "org[shemminger]!nakam" Date: Tue, 28 Sep 2004 18:38:35 +0000 Subject: [PATCH] [iproute2] XFRM: using flush message type (Logical change 1.83) --- include/utils.h | 3 +++ ip/xfrm_policy.c | 35 +++++++++++++++++++++++++++++++++-- ip/xfrm_state.c | 40 +++++++++++++++++++++++++++++++++++++--- 3 files changed, 73 insertions(+), 5 deletions(-) diff --git a/include/utils.h b/include/utils.h index 66bcf0f5..ed1257e5 100644 --- a/include/utils.h +++ b/include/utils.h @@ -25,6 +25,9 @@ extern char * _SL_; #ifndef IPPROTO_COMP #define IPPROTO_COMP 108 #endif +#ifndef IPSEC_PROTO_ANY +#define IPSEC_PROTO_ANY 255 +#endif #define SPRINT_BSIZE 64 #define SPRINT_BUF(x) char x[SPRINT_BSIZE] diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index 5c7059ee..9b6e2ac3 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -683,6 +683,33 @@ static int xfrm_policy_list_or_flush(int argc, char **argv, int flush) exit(0); } +static int xfrm_policy_flush_all(void) +{ + struct rtnl_handle rth; + struct { + struct nlmsghdr n; + } req; + + memset(&req, 0, sizeof(req)); + + req.n.nlmsg_len = NLMSG_LENGTH(0); /* nlmsg data is nothing */ + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = XFRM_MSG_FLUSHPOLICY; + + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) + exit(1); + + if (show_stats > 1) + fprintf(stderr, "Flush all\n"); + + if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0) + exit(2); + + rtnl_close(&rth); + + return 0; +} + int do_xfrm_policy(int argc, char **argv) { if (argc < 1) @@ -701,8 +728,12 @@ int do_xfrm_policy(int argc, char **argv) return xfrm_policy_list_or_flush(argc-1, argv+1, 0); if (matches(*argv, "get") == 0) return xfrm_policy_get(argc-1, argv+1); - if (matches(*argv, "flush") == 0) - return xfrm_policy_list_or_flush(argc-1, argv+1, 1); + if (matches(*argv, "flush") == 0) { + if (argc-1 < 1) + return xfrm_policy_flush_all(); + else + return xfrm_policy_list_or_flush(argc-1, argv+1, 1); + } if (matches(*argv, "help") == 0) usage(); fprintf(stderr, "Command \"%s\" is unknown, try \"ip xfrm policy help\".\n", *argv); diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index cc5e8880..97aabb70 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -568,7 +568,8 @@ static int xfrm_state_list_or_flush(int argc, char **argv, int flush) char *idp = NULL; struct rtnl_handle rth; - filter.use = 1; + if(argc > 0) + filter.use = 1; filter.xsinfo.family = preferred_family; while (argc > 0) { @@ -666,6 +667,35 @@ static int xfrm_state_list_or_flush(int argc, char **argv, int flush) exit(0); } +static int xfrm_state_flush_all(void) +{ + struct rtnl_handle rth; + struct { + struct nlmsghdr n; + struct xfrm_usersa_flush xsf; + } req; + + memset(&req, 0, sizeof(req)); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsf)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = XFRM_MSG_FLUSHSA; + req.xsf.proto = IPSEC_PROTO_ANY; + + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) + exit(1); + + if (show_stats > 1) + fprintf(stderr, "Flush all\n"); + + if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0) + exit(2); + + rtnl_close(&rth); + + return 0; +} + int do_xfrm_state(int argc, char **argv) { if (argc < 1) @@ -684,8 +714,12 @@ int do_xfrm_state(int argc, char **argv) return xfrm_state_list_or_flush(argc-1, argv+1, 0); if (matches(*argv, "get") == 0) return xfrm_state_get_or_delete(argc-1, argv+1, 0); - if (matches(*argv, "flush") == 0) - return xfrm_state_list_or_flush(argc-1, argv+1, 1); + if (matches(*argv, "flush") == 0) { + if (argc-1 < 1) + return xfrm_state_flush_all(); + else + return xfrm_state_list_or_flush(argc-1, argv+1, 1); + } if (matches(*argv, "help") == 0) usage(); fprintf(stderr, "Command \"%s\" is unknown, try \"ip xfrm state help\".\n", *argv);