xfrm_policy: Do not attempt to deleteall a socket policy

Socket polices are added to a socket using setsockopt(2). They cannot be deleted by iproute2. The attempt to delete them causes an error (EINVAL). To avoid this unnecessary error message all socket policies are skipped in xfrm_policy_keep. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
author: Thomas Egerer <thomas.egerer@secunet.com> 2017-10-30 19:11:45 +0100
committer: Stephen Hemminger <stephen@networkplumber.org> 2017-11-07 11:12:30 +0900
commit: 5474d440b8a26b30104329d699217c87d34652ad (patch)
tree: 6e5518be237990fe73259554791cdce5c79498dc
parent: 20e4840a0a209006ac16cfd5cd1e6a28b346ce67 (diff)
download: iproute2-5474d440b8a26b30104329d699217c87d34652ad.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index 0c86a52a..e716a7d0 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -735,6 +735,10 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who,
 	if (!xfrm_policy_filter_match(xpinfo, ptype))
 		return 0;
 
+	/* can't delete socket policies */
+	if (xpinfo->dir >= XFRM_POLICY_MAX)
+		return 0;
+
 	if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size)
 		return 0;
author	Thomas Egerer <thomas.egerer@secunet.com>	2017-10-30 19:11:45 +0100
committer	Stephen Hemminger <stephen@networkplumber.org>	2017-11-07 11:12:30 +0900
commit	5474d440b8a26b30104329d699217c87d34652ad (patch)
tree	6e5518be237990fe73259554791cdce5c79498dc
parent	20e4840a0a209006ac16cfd5cd1e6a28b346ce67 (diff)
download	iproute2-5474d440b8a26b30104329d699217c87d34652ad.tar.gz