[iproute2] XFRM: using flush message type
authororg[shemminger]!nakam <org[shemminger]!nakam>
Tue, 28 Sep 2004 18:38:35 +0000 (18:38 +0000)
committerorg[shemminger]!nakam <org[shemminger]!nakam>
Tue, 28 Sep 2004 18:38:35 +0000 (18:38 +0000)
(Logical change 1.83)

include/utils.h
ip/xfrm_policy.c
ip/xfrm_state.c

index 66bcf0f5e72a2fefbd7c769305e84d196df28221..ed1257e5698f92a27de5081ebf650f63b0cf9a7f 100644 (file)
@@ -25,6 +25,9 @@ extern char * _SL_;
 #ifndef IPPROTO_COMP
 #define IPPROTO_COMP   108
 #endif
+#ifndef IPSEC_PROTO_ANY
+#define IPSEC_PROTO_ANY        255
+#endif
 
 #define SPRINT_BSIZE 64
 #define SPRINT_BUF(x)  char x[SPRINT_BSIZE]
index 5c7059ee032da005e1b4961446141123bc7c2d4e..9b6e2ac380108bfae81309d6ea5d91257ff6cb6f 100644 (file)
@@ -683,6 +683,33 @@ static int xfrm_policy_list_or_flush(int argc, char **argv, int flush)
        exit(0);
 }
 
+static int xfrm_policy_flush_all(void)
+{
+       struct rtnl_handle rth;
+       struct {
+               struct nlmsghdr n;
+       } req;
+
+       memset(&req, 0, sizeof(req));
+
+       req.n.nlmsg_len = NLMSG_LENGTH(0); /* nlmsg data is nothing */
+       req.n.nlmsg_flags = NLM_F_REQUEST;
+       req.n.nlmsg_type = XFRM_MSG_FLUSHPOLICY;
+
+       if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
+               exit(1);
+
+       if (show_stats > 1)
+               fprintf(stderr, "Flush all\n");
+
+       if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0)
+               exit(2);
+
+       rtnl_close(&rth);
+
+       return 0;
+}
+
 int do_xfrm_policy(int argc, char **argv)
 {
        if (argc < 1)
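Review bot: xfrm_policy_flush_all() has no comment saying that it empties the whole policy database in one XFRM_MSG_FLUSHPOLICY request, and its verbose message `"Flush all\n"` is printed before rtnl_talk() runs and is word-for-word the same as the one in xfrm_state_flush_all() in ip/xfrm_state.c, so the output cannot tell which database was cleared or whether the request succeeded. I would add above the function `/* Remove every policy with one XFRM_MSG_FLUSHPOLICY request; exits 1 if the netlink socket cannot be opened, 2 if the request fails. */` and move the fprintf after the rtnl_talk() check with the text `"Flushed all policies\n"`. Once the policies are gone, traffic they used to select is no longer steered through IPsec, so anyone scripting a bare flush should have a replacement policy or packet filter in place first. The first two points apply to xfrm_state_flush_all() as well.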
@@ -701,8 +728,12 @@ int do_xfrm_policy(int argc, char **argv)
                return xfrm_policy_list_or_flush(argc-1, argv+1, 0);
        if (matches(*argv, "get") == 0)
                return xfrm_policy_get(argc-1, argv+1);
-       if (matches(*argv, "flush") == 0)
-               return xfrm_policy_list_or_flush(argc-1, argv+1, 1);
+       if (matches(*argv, "flush") == 0) {
+               if (argc-1 < 1)
+                       return xfrm_policy_flush_all();
+               else
+                       return xfrm_policy_list_or_flush(argc-1, argv+1, 1);
+       }
        if (matches(*argv, "help") == 0)
                usage();
        fprintf(stderr, "Command \"%s\" is unknown, try \"ip xfrm policy help\".\n", *argv);
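Review bot: The new branch in do_xfrm_policy spells the no-argument test as `argc-1 < 1` and keeps an `else` after a `return`. The `argc < 1` case is already handled at the top of the function (its body is outside this hunk), so `if (argc < 2) return xfrm_policy_flush_all();` followed by the plain `return xfrm_policy_list_or_flush(argc-1, argv+1, 1);` says the same thing more directly. A one-line comment such as `/* no selector: flush everything in one request */` would also make it clear that a bare "flush" is the destructive form. The matching hunk in do_xfrm_state has the same shape.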
index cc5e888075be88b785587f402a3f664dc1c28e14..97aabb702cc9bb53adec4e84b0b1ecdd842e866d 100644 (file)
@@ -568,7 +568,8 @@ static int xfrm_state_list_or_flush(int argc, char **argv, int flush)
        char *idp = NULL;
        struct rtnl_handle rth;
 
-       filter.use = 1;
+       if(argc > 0)
+               filter.use = 1;
        filter.xsinfo.family = preferred_family;
 
        while (argc > 0) {
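Review bot: `filter.use` is no longer set to 1 when no arguments are given, but this function serves both "list" and "flush", and after this commit the dispatcher only reaches it with argc == 0 for "list", so the change alters the list path, which the commit title does not mention. `filter.xsinfo.family = preferred_family;` is still assigned on the next line; if the dump callback skips matching when `filter.use` is 0 (not visible in this hunk), a family chosen with `-f` would presumably be ignored for a bare `ip xfrm state list`, which is worth confirming. xfrm_policy_list_or_flush gets no equivalent change here, so the two commands may now behave differently. `if(argc > 0)` also lacks the space after `if` that the surrounding code uses, and a comment such as `/* no selector given: do not filter the dump */` would record the intent.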
@@ -666,6 +667,35 @@ static int xfrm_state_list_or_flush(int argc, char **argv, int flush)
        exit(0);
 }
 
+static int xfrm_state_flush_all(void)
+{
+       struct rtnl_handle rth;
+       struct {
+               struct nlmsghdr                 n;
+               struct xfrm_usersa_flush        xsf;
+       } req;
+
+       memset(&req, 0, sizeof(req));
+
+       req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsf));
+       req.n.nlmsg_flags = NLM_F_REQUEST;
+       req.n.nlmsg_type = XFRM_MSG_FLUSHSA;
+       req.xsf.proto = IPSEC_PROTO_ANY;
+
+       if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
+               exit(1);
+
+       if (show_stats > 1)
+               fprintf(stderr, "Flush all\n");
+
+       if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0)
+               exit(2);
+
+       rtnl_close(&rth);
+
+       return 0;
+}
+
 int do_xfrm_state(int argc, char **argv)
 {
        if (argc < 1)
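Review bot: `req.xsf.proto = IPSEC_PROTO_ANY;` is the line that widens this flush to SAs of every IPsec protocol, and it carries no comment; I would add `/* any protocol: remove every SA, whatever its proto */` next to it. The value comes from the fallback `#define IPSEC_PROTO_ANY 255` this commit adds to include/utils.h, so it presumably has to stay in step with the kernel's definition. Removing all SAs while policies remain typically leaves matching traffic without keys until new SAs are negotiated, which is worth stating in the function comment for anyone scripting `ip xfrm state flush`.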
@@ -684,8 +714,12 @@ int do_xfrm_state(int argc, char **argv)
                return xfrm_state_list_or_flush(argc-1, argv+1, 0);
        if (matches(*argv, "get") == 0)
                return xfrm_state_get_or_delete(argc-1, argv+1, 0);
-       if (matches(*argv, "flush") == 0)
-               return xfrm_state_list_or_flush(argc-1, argv+1, 1);
+       if (matches(*argv, "flush") == 0) {
+               if (argc-1 < 1)
+                       return xfrm_state_flush_all();
+               else
+                       return xfrm_state_list_or_flush(argc-1, argv+1, 1);
+       }
        if (matches(*argv, "help") == 0)
                usage();
        fprintf(stderr, "Command \"%s\" is unknown, try \"ip xfrm state help\".\n", *argv);