ipxfrm: Make xfrm_selector_print() output port ranges based on port masks

Commit Message

Nathan Tran Jan. 21, 2025, 12:26 a.m. UTC

When listing policies with `ip xfrm policy list`, selector port ranges are not
displayed to the user even if sport_mask and dport_mask are not equal to 0xffff.

Here is an output example with the patch applied:

root@f2a56a327b1b:/# ip xfrm policy list
src fd00::2/128 dst fd00::10/128 proto 17 sport 40000-40031 dport 40000-40031
        dir out priority 268563
        tmpl src fd00::2 dst fd00::10
                proto esp spi 0x21900907 reqid 1 mode tunnel

Signed-off-by: Nathan Tran <ntranswe@gmail.com>
---
 ip/ipxfrm.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

Patch

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 90d25aac..3605c718 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -443,10 +443,20 @@  void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
 	case IPPROTO_SCTP:
 	case IPPROTO_DCCP:
 	default: /* XXX */
-		if (sel->sport_mask)
+		if (sel->sport_mask == 0xffff)
 			fprintf(fp, "sport %u ", ntohs(sel->sport));
-		if (sel->dport_mask)
+		else if (sel->sport_mask) {
+			fprintf(fp, "sport %u-%u ",
+				ntohs(sel->sport & sel->sport_mask),
+				ntohs(sel->sport | ~sel->sport_mask));
+		}
+		if (sel->dport_mask == 0xffff)
 			fprintf(fp, "dport %u ", ntohs(sel->dport));
+		else if (sel->dport_mask) {
+			fprintf(fp, "dport %u-%u ",
+				ntohs(sel->dport & sel->dport_mask),
+				ntohs(sel->dport | ~sel->dport_mask));
+		}
 		break;
 	case IPPROTO_ICMP:
 	case IPPROTO_ICMPV6: