summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJamal Hadi Salim <hadi@cyberus.ca>2006-03-20 19:17:25 -0800
committerDavid S. Miller <davem@davemloft.net>2006-03-20 19:17:25 -0800
commit6c5c8ca7ff20523e427b955aa84cef407934710f (patch)
tree382a4b07027efd8a41638ed9c051cc9ec2506f0b
parent53bc6b4d29c07664f3abe029b7e6878a1067899a (diff)
downloadop-kernel-dev-6c5c8ca7ff20523e427b955aa84cef407934710f.zip
op-kernel-dev-6c5c8ca7ff20523e427b955aa84cef407934710f.tar.gz
[IPSEC]: Sync series - policy expires
This is similar to the SA expire insertion patch - only it inserts expires for SP. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h2
-rw-r--r--net/xfrm/xfrm_policy.c4
-rw-r--r--net/xfrm/xfrm_state.c3
-rw-r--r--net/xfrm/xfrm_user.c56
4 files changed, 60 insertions, 5 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index d409c9d..156f52e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -957,7 +957,7 @@ extern void xfrm_init_pmtu(struct dst_entry *dst);
extern wait_queue_head_t km_waitq;
extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
-extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard);
+extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
extern void xfrm_input_init(void);
extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ae62054..453551e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -203,7 +203,7 @@ static void xfrm_policy_timer(unsigned long data)
}
if (warn)
- km_policy_expired(xp, dir, 0);
+ km_policy_expired(xp, dir, 0, 0);
if (next != LONG_MAX &&
!mod_timer(&xp->timer, jiffies + make_jiffies(next)))
xfrm_pol_hold(xp);
@@ -216,7 +216,7 @@ out:
expired:
read_unlock(&xp->lock);
if (!xfrm_policy_delete(xp, dir))
- km_policy_expired(xp, dir, 1);
+ km_policy_expired(xp, dir, 1, 0);
xfrm_pol_put(xp);
}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7784adb..8df547d 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -961,11 +961,12 @@ int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
}
EXPORT_SYMBOL(km_new_mapping);
-void km_policy_expired(struct xfrm_policy *pol, int dir, int hard)
+void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
{
struct km_event c;
c.data.hard = hard;
+ c.pid = pid;
c.event = XFRM_MSG_POLEXPIRE;
km_policy_notify(pol, dir, &c);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2dc1e69..b46ee7d 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1222,7 +1222,7 @@ out:
static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
{
- struct km_event c;
+struct km_event c;
xfrm_policy_flush();
c.event = nlh->nlmsg_type;
@@ -1232,6 +1232,58 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
return 0;
}
+static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+ struct xfrm_policy *xp;
+ struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
+ struct xfrm_userpolicy_info *p = &up->pol;
+ int err = -ENOENT;
+
+ if (p->index)
+ xp = xfrm_policy_byid(p->dir, p->index, 0);
+ else {
+ struct rtattr **rtattrs = (struct rtattr **)xfrma;
+ struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
+ struct xfrm_policy tmp;
+
+ err = verify_sec_ctx_len(rtattrs);
+ if (err)
+ return err;
+
+ memset(&tmp, 0, sizeof(struct xfrm_policy));
+ if (rt) {
+ struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
+
+ if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+ return err;
+ }
+ xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, 0);
+ security_xfrm_policy_free(&tmp);
+ }
+
+ if (xp == NULL)
+ return err;
+ read_lock(&xp->lock);
+ if (xp->dead) {
+ read_unlock(&xp->lock);
+ goto out;
+ }
+
+ read_unlock(&xp->lock);
+ err = 0;
+ if (up->hard) {
+ xfrm_policy_delete(xp, p->dir);
+ } else {
+ // reset the timers here?
+ printk("Dont know what to do with soft policy expire\n");
+ }
+ km_policy_expired(xp, p->dir, up->hard, current->pid);
+
+out:
+ xfrm_pol_put(xp);
+ return err;
+}
+
static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
{
struct xfrm_state *x;
@@ -1327,6 +1379,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
[XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
[XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
[XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
+ [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire),
[XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
[XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0),
[XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
@@ -1352,6 +1405,7 @@ static struct xfrm_link {
[XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
[XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
[XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
+ [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire},
[XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa },
[XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy },
[XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae },
OpenPOWER on IntegriCloud