From 388bbd0e99c35e4faeb7706db7e5eec48db595ec Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Wed, 25 May 2016 11:10:01 -0700
Subject: [PATCH] Xfrm selector must discard 0 value src/dst ports (#126) - by not setting their full bitmask
Signed-off-by: Alessandro Boch
---
 xfrm_policy_linux.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xfrm_policy_linux.go b/xfrm_policy_linux.go
index e21a41d..e35cdc0 100644
--- a/xfrm_policy_linux.go
+++ b/xfrm_policy_linux.go
@@ -22,8 +22,12 @@ func selFromPolicy(sel *nl.XfrmSelector, policy *XfrmPolicy) {
 sel.Proto = uint8(policy.Proto)
 sel.Dport = nl.Swap16(uint16(policy.DstPort))
 sel.Sport = nl.Swap16(uint16(policy.SrcPort))
- sel.DportMask = ^uint16(0)
- sel.SportMask = ^uint16(0)
+ if sel.Dport != 0 {
+ sel.DportMask = ^uint16(0)
+ }
+ if sel.Sport != 0 {
+ sel.SportMask = ^uint16(0)
+ }
 }

 // XfrmPolicyAdd will add an xfrm policy to the system.
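Review bot: The new `if sel.Dport != 0` and `if sel.Sport != 0` guards test the value only after `uint16(policy.DstPort)` / `uint16(policy.SrcPort)` has truncated it. If those fields are wider integer types (the conversion suggests so, but the struct is not visible here), an out-of-range value such as 65536 becomes 0 and now leaves the mask zero, so the IPsec policy selector silently widens to any port instead of being rejected. Range-check the ports before the conversion; selFromPolicy returns nothing and its body starts outside the hunk, so the check would belong in the callers or need a signature change. The wildcard behaviour should also be stated where it is implemented, for example `// A zero port means "any port": leave the mask unset so the selector does not match on it.` above the guards. The patch touches only this file, so a test pinning both the zero and non-zero port cases would help keep the selector from regressing.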