On 10/2/20 6:22 AM, Antony Antony wrote:
> The XFRMA_SET_MARK_MASK attribute can be set in states (4.19+)
> It is optional and the kernel default is 0xffffffff
> It is the mask of XFRMA_SET_MARK(a.k.a. XFRMA_OUTPUT_MARK in 4.18)
>
> e.g.
> ./ip/ip xfrm state add output-mark 0x6 mask 0xab proto esp \
> auth digest_null 0 enc cipher_null ''
> ip xfrm state
> src 0.0.0.0 dst 0.0.0.0
> proto esp spi 0x00000000 reqid 0 mode transport
> replay-window 0
> output-mark 0x6/0xab
> auth-trunc digest_null 0x30 0
> enc ecb(cipher_null)
> anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
> sel src 0.0.0.0/0 dst 0.0.0.0/0
>
> Signed-off-by: Antony Antony <ant...@phenome.org>
> ---
> v1 -> v2
> - add man page and usage for mask
> --
> ip/xfrm_state.c | 23 ++++++++++++++++++-----
> man/man8/ip-xfrm.8 | 4 +++-
> 2 files changed, 21 insertions(+), 6 deletions(-)
>
applied to iproute2-next. Thanks
