mirror of https://github.com/vishvananda/netlink
Xfrm selector must discard 0 value src/dst ports (#126)
- by not setting their full bitmask Signed-off-by: Alessandro Boch <aboch@docker.com>
This commit is contained in:
parent
2ce23437df
commit
388bbd0e99
|
@ -22,8 +22,12 @@ func selFromPolicy(sel *nl.XfrmSelector, policy *XfrmPolicy) {
|
||||||
sel.Proto = uint8(policy.Proto)
|
sel.Proto = uint8(policy.Proto)
|
||||||
sel.Dport = nl.Swap16(uint16(policy.DstPort))
|
sel.Dport = nl.Swap16(uint16(policy.DstPort))
|
||||||
sel.Sport = nl.Swap16(uint16(policy.SrcPort))
|
sel.Sport = nl.Swap16(uint16(policy.SrcPort))
|
||||||
sel.DportMask = ^uint16(0)
|
if sel.Dport != 0 {
|
||||||
sel.SportMask = ^uint16(0)
|
sel.DportMask = ^uint16(0)
|
||||||
|
}
|
||||||
|
if sel.Sport != 0 {
|
||||||
|
sel.SportMask = ^uint16(0)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// XfrmPolicyAdd will add an xfrm policy to the system.
|
// XfrmPolicyAdd will add an xfrm policy to the system.
|
||||||
|
|
Loading…
Reference in New Issue