From bd1000b4a074a856026ddb3da5f77076803f64a5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Wed, 9 Sep 2020 04:45:54 +0900
Subject: [PATCH] network: fix the default mask for FirewallMark= And always send FRA_FWMASK if FirewallMark= is set. C.f. https://github.com/torvalds/linux/commit/b8964ed9fa727109c9084abc807652ebfb681c18 Partially fixes #16784.
---
 src/network/networkd-routing-policy-rule.c | 19 +++++++++++--------
 src/network/test-routing-policy-rule.c | 2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c
index 94bae87a88e..69608e9e483 100644
--- a/src/network/networkd-routing-policy-rule.c
+++ b/src/network/networkd-routing-policy-rule.c
@@ -540,9 +540,7 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl
 r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
 if (r < 0)
 return log_link_error_errno(link, r, "Could not append FRA_FWMARK attribute: %m");
- }
- if (rule->fwmask > 0) {
 r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask);
 if (r < 0)
 return log_link_error_errno(link, r, "Could not append FRA_FWMASK attribute: %m");
@@ -676,10 +674,13 @@ static int parse_fwmark_fwmask(const char *s, uint32_t *ret_fwmark, uint32_t *re
 if (r < 0)
 return r;
- if (slash) {
- r = safe_atou32(slash + 1, &fwmask);
- if (r < 0)
- return r;
+ if (fwmark > 0) {
+ if (slash) {
+ r = safe_atou32(slash + 1, &fwmask);
+ if (r < 0)
+ return r;
+ } else
+ fwmask = UINT32_MAX;
 }
 *ret_fwmark = fwmark;
@@ -1239,9 +1240,11 @@ int routing_policy_serialize_rules(Set *rules, FILE *f) {
 }
 if (rule->fwmark != 0) {
- fprintf(f, "%sfwmark=%"PRIu32"/%"PRIu32,
+ fprintf(f, "%sfwmark=%"PRIu32,
 space ? " " : "",
- rule->fwmark, rule->fwmask);
+ rule->fwmark);
+ if (rule->fwmask != UINT32_MAX)
+ fprintf(f, "/%"PRIu32, rule->fwmask);
 space = true;
 }
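Review bot: An explicit zero mask such as `FirewallMark=1/0` is now handed to the kernel unchanged by the FRA_FWMASK append, and nothing at this site documents or warns about it; before this change a zero mask was simply not sent. As far as I can tell the kernel compares `(mark ^ fwmark) & fwmask`, so a zero mask makes the rule apply to every packet regardless of its mark, which matters where the mark is what separates tunnel or VPN traffic from the rest. I would record that next to the append, e.g. `/* Always send the mask; an explicit 0 is passed through and matches any mark. */`, and consider a warning when the configuration is parsed. The enclosing condition and the rest of routing_policy_rule_configure() lie outside the hunk.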
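Review bot: With the mask parsing nested under `if (fwmark > 0)`, the text after the slash is no longer validated when the mark is zero, so an input like `0/garbage` appears to be accepted and a mask given together with mark 0 is dropped without any message. Keeping the `if (slash)` parse unconditional and making only the default conditional avoids that: `} else if (fwmark > 0)` followed by `fwmask = UINT32_MAX;`. This assumes fwmask is initialised to 0 above the hunk, where the start of parse_fwmark_fwmask() lies. If a mask with a zero mark is meant to be unsupported, returning `-EINVAL` or logging it would be clearer than ignoring it.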
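Review bot: State written by the previous code carries `fwmark=N/0` for rules that had no mask (the test expectation in this commit changed from `fwmark=1/0`), and the new format that omits `/mask` for UINT32_MAX does not account for reading that older form back. After an upgrade such a line would parse to mask 0 rather than the new default and may no longer compare equal to the freshly configured rule; the loading code is not part of this patch, so this needs checking there. A comment at the second fprintf, e.g. `/* UINT32_MAX is the default and is omitted; parse_fwmark_fwmask() restores it on load. */`, would also record why the mask is printed conditionally. routing_policy_serialize_rules() continues outside the hunk.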
diff --git a/src/network/test-routing-policy-rule.c b/src/network/test-routing-policy-rule.c
index 85924bc0c9e..78755927c77 100644
--- a/src/network/test-routing-policy-rule.c
+++ b/src/network/test-routing-policy-rule.c
@@ -67,7 +67,7 @@ int main(int argc, char **argv) {
 test_rule_serialization("ignored values", "RULE=something=to=ignore from=1.2.3.4/32 from=1.2.3.4/32" " \t to=2.3.4.5/24 to=2.3.4.5/32 tos=5 fwmark=2 fwmark=1 table=10 table=20",
- "RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 fwmark=1/0 invert_rule=no table=20");
+ "RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 fwmark=1 invert_rule=no table=20");
 test_rule_serialization("ipv6", "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 invert_rule=yes table=6", NULL);
-- 2.39.2
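Review bot: The updated expectation covers only the default mask; nothing here exercises a rule with an explicit mask or with a zero mark, which are the cases the parser change treats differently. A round-trip case would pin that down, for example `test_rule_serialization("fwmark with mask", "RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 fwmark=1/2 invert_rule=no table=20", NULL);`, assuming NULL means the output must equal the input as in the ipv6 case. main() starts and ends outside the hunk.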