xfrm: also check for ipv6 state in xfrm_state_keep

As commit f9d696cf414c ("xfrm: not try to delete ipcomp states when using deleteall") does, this patch is to fix the same issue for ip6 state where xsinfo->id.proto == IPPROTO_IPV6. # ip xfrm state add src 2000::1 dst 2000::2 spi 0x1000 \ proto comp comp deflate mode tunnel sel src 2000::1 dst \ 2000::2 proto gre # ip xfrm sta deleteall Failed to send delete-all request : Operation not permitted Note that the xsinfo->proto in common states can never be IPPROTO_IPV6. Fixes: f9d696cf414c ("xfrm: not try to delete ipcomp states when using deleteall") Reported-by: Xiumei Mu <xmu@redhat.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
author: Xin Long <lucien.xin@gmail.com> 2020-04-27 15:14:24 +0800
committer: Stephen Hemminger <stephen@networkplumber.org> 2020-04-27 14:50:37 -0700
commit: d27fc6390ce32ecdba6324e22b1c341791c5c63f (patch)
tree: 5fe61698b8a7c44ea835124039f8492645cd425a
parent: 0149dabf2a1bad2f210ca2d987b29083247b7bd0 (diff)
download: iproute2-d27fc6390ce32ecdba6324e22b1c341791c5c63f.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index d68f600ae..f4bf3356b 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -1131,7 +1131,8 @@ static int xfrm_state_keep(struct nlmsghdr *n, void *arg)
 	if (!xfrm_state_filter_match(xsinfo))
 		return 0;
 
-	if (xsinfo->id.proto == IPPROTO_IPIP)
+	if (xsinfo->id.proto == IPPROTO_IPIP ||
+	    xsinfo->id.proto == IPPROTO_IPV6)
 		return 0;
 
 	if (xb->offset > xb->size) {
author	Xin Long <lucien.xin@gmail.com>	2020-04-27 15:14:24 +0800
committer	Stephen Hemminger <stephen@networkplumber.org>	2020-04-27 14:50:37 -0700
commit	d27fc6390ce32ecdba6324e22b1c341791c5c63f (patch)
tree	5fe61698b8a7c44ea835124039f8492645cd425a
parent	0149dabf2a1bad2f210ca2d987b29083247b7bd0 (diff)
download	iproute2-d27fc6390ce32ecdba6324e22b1c341791c5c63f.tar.gz