aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2006-08-24 06:29:04 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 18:08:45 -0400
commitc7f5ea3a4d1ae6b3b426e113358fdc57494bc754 (patch)
treed77be695b79131617029d8586fd729a6b94b56e5
parent2575b65434d56559bd03854450b9b6aaf19b9c90 (diff)
[XFRM]: Do not flush all bundles on SA insert.
Instead, simply set all potentially aliasing existing xfrm_state objects to have the current generation counter value. This will make routes get relooked up the next time an existing route mentioning these aliased xfrm_state objects gets used, via xfrm_dst_check(). Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h1
-rw-r--r--net/xfrm/xfrm_policy.c10
-rw-r--r--net/xfrm/xfrm_state.c25
3 files changed, 20 insertions, 16 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index fd4a300b5ba..a620a43c9ee 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -996,7 +996,6 @@ struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
996extern void xfrm_policy_flush(u8 type); 996extern void xfrm_policy_flush(u8 type);
997extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 997extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
998extern int xfrm_flush_bundles(void); 998extern int xfrm_flush_bundles(void);
999extern void xfrm_flush_all_bundles(void);
1000extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family, int strict); 999extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family, int strict);
1001extern void xfrm_init_pmtu(struct dst_entry *dst); 1000extern void xfrm_init_pmtu(struct dst_entry *dst);
1002 1001
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 7fc6944ee36..cfa5c692f2e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1478,16 +1478,6 @@ int xfrm_flush_bundles(void)
1478 return 0; 1478 return 0;
1479} 1479}
1480 1480
1481static int always_true(struct dst_entry *dst)
1482{
1483 return 1;
1484}
1485
1486void xfrm_flush_all_bundles(void)
1487{
1488 xfrm_prune_bundles(always_true);
1489}
1490
1491void xfrm_init_pmtu(struct dst_entry *dst) 1481void xfrm_init_pmtu(struct dst_entry *dst)
1492{ 1482{
1493 do { 1483 do {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 98200397e09..77ef796c9d0 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -761,13 +761,30 @@ static void __xfrm_state_insert(struct xfrm_state *x)
761 schedule_work(&xfrm_hash_work); 761 schedule_work(&xfrm_hash_work);
762} 762}
763 763
764/* xfrm_state_lock is held */
765static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
766{
767 unsigned short family = xnew->props.family;
768 u32 reqid = xnew->props.reqid;
769 struct xfrm_state *x;
770 struct hlist_node *entry;
771 unsigned int h;
772
773 h = xfrm_dst_hash(&xnew->id.daddr, reqid, family);
774 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
775 if (x->props.family == family &&
776 x->props.reqid == reqid &&
777 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family))
778 x->genid = xfrm_state_genid;
779 }
780}
781
764void xfrm_state_insert(struct xfrm_state *x) 782void xfrm_state_insert(struct xfrm_state *x)
765{ 783{
766 spin_lock_bh(&xfrm_state_lock); 784 spin_lock_bh(&xfrm_state_lock);
785 __xfrm_state_bump_genids(x);
767 __xfrm_state_insert(x); 786 __xfrm_state_insert(x);
768 spin_unlock_bh(&xfrm_state_lock); 787 spin_unlock_bh(&xfrm_state_lock);
769
770 xfrm_flush_all_bundles();
771} 788}
772EXPORT_SYMBOL(xfrm_state_insert); 789EXPORT_SYMBOL(xfrm_state_insert);
773 790
@@ -889,15 +906,13 @@ int xfrm_state_add(struct xfrm_state *x)
889 x->id.proto, 906 x->id.proto,
890 &x->id.daddr, &x->props.saddr, 0); 907 &x->id.daddr, &x->props.saddr, 0);
891 908
909 __xfrm_state_bump_genids(x);
892 __xfrm_state_insert(x); 910 __xfrm_state_insert(x);
893 err = 0; 911 err = 0;
894 912
895out: 913out:
896 spin_unlock_bh(&xfrm_state_lock); 914 spin_unlock_bh(&xfrm_state_lock);
897 915
898 if (!err)
899 xfrm_flush_all_bundles();
900
901 if (x1) { 916 if (x1) {
902 xfrm_state_delete(x1); 917 xfrm_state_delete(x1);
903 xfrm_state_put(x1); 918 xfrm_state_put(x1);