diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:30:18 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:30:18 -0500 |
| commit | 0e6024519b4da2d9413b97be1de8122d5709ccc1 (patch) | |
| tree | 169bb5b6b763dbb63ccb23decd36441daa8398ca | |
| parent | 98806f75ba2afc716e4d2f915d3ac7687546f9c0 (diff) | |
netns xfrm: state flush in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/xfrm.h | 2 | ||||
| -rw-r--r-- | net/key/af_key.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 18 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
4 files changed, 12 insertions, 12 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 8699620f8c2d..e4bb67225610 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -1363,7 +1363,7 @@ struct xfrmk_spdinfo { | |||
| 1363 | 1363 | ||
| 1364 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); | 1364 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); |
| 1365 | extern int xfrm_state_delete(struct xfrm_state *x); | 1365 | extern int xfrm_state_delete(struct xfrm_state *x); |
| 1366 | extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); | 1366 | extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); |
| 1367 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); | 1367 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); |
| 1368 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); | 1368 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); |
| 1369 | extern int xfrm_replay_check(struct xfrm_state *x, | 1369 | extern int xfrm_replay_check(struct xfrm_state *x, |
diff --git a/net/key/af_key.c b/net/key/af_key.c index 036315d6b665..e5d595a60921 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -1732,7 +1732,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd | |||
| 1732 | audit_info.loginuid = audit_get_loginuid(current); | 1732 | audit_info.loginuid = audit_get_loginuid(current); |
| 1733 | audit_info.sessionid = audit_get_sessionid(current); | 1733 | audit_info.sessionid = audit_get_sessionid(current); |
| 1734 | audit_info.secid = 0; | 1734 | audit_info.secid = 0; |
| 1735 | err = xfrm_state_flush(proto, &audit_info); | 1735 | err = xfrm_state_flush(&init_net, proto, &audit_info); |
| 1736 | if (err) | 1736 | if (err) |
| 1737 | return err; | 1737 | return err; |
| 1738 | c.data.proto = proto; | 1738 | c.data.proto = proto; |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f3f635d4ee66..5f4c5340ba30 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -576,15 +576,15 @@ EXPORT_SYMBOL(xfrm_state_delete); | |||
| 576 | 576 | ||
| 577 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 577 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 578 | static inline int | 578 | static inline int |
| 579 | xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) | 579 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) |
| 580 | { | 580 | { |
| 581 | int i, err = 0; | 581 | int i, err = 0; |
| 582 | 582 | ||
| 583 | for (i = 0; i <= init_net.xfrm.state_hmask; i++) { | 583 | for (i = 0; i <= net->xfrm.state_hmask; i++) { |
| 584 | struct hlist_node *entry; | 584 | struct hlist_node *entry; |
| 585 | struct xfrm_state *x; | 585 | struct xfrm_state *x; |
| 586 | 586 | ||
| 587 | hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) { | 587 | hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) { |
| 588 | if (xfrm_id_proto_match(x->id.proto, proto) && | 588 | if (xfrm_id_proto_match(x->id.proto, proto) && |
| 589 | (err = security_xfrm_state_delete(x)) != 0) { | 589 | (err = security_xfrm_state_delete(x)) != 0) { |
| 590 | xfrm_audit_state_delete(x, 0, | 590 | xfrm_audit_state_delete(x, 0, |
| @@ -600,26 +600,26 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) | |||
| 600 | } | 600 | } |
| 601 | #else | 601 | #else |
| 602 | static inline int | 602 | static inline int |
| 603 | xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) | 603 | xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) |
| 604 | { | 604 | { |
| 605 | return 0; | 605 | return 0; |
| 606 | } | 606 | } |
| 607 | #endif | 607 | #endif |
| 608 | 608 | ||
| 609 | int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info) | 609 | int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) |
| 610 | { | 610 | { |
| 611 | int i, err = 0; | 611 | int i, err = 0; |
| 612 | 612 | ||
| 613 | spin_lock_bh(&xfrm_state_lock); | 613 | spin_lock_bh(&xfrm_state_lock); |
| 614 | err = xfrm_state_flush_secctx_check(proto, audit_info); | 614 | err = xfrm_state_flush_secctx_check(net, proto, audit_info); |
| 615 | if (err) | 615 | if (err) |
| 616 | goto out; | 616 | goto out; |
| 617 | 617 | ||
| 618 | for (i = 0; i <= init_net.xfrm.state_hmask; i++) { | 618 | for (i = 0; i <= net->xfrm.state_hmask; i++) { |
| 619 | struct hlist_node *entry; | 619 | struct hlist_node *entry; |
| 620 | struct xfrm_state *x; | 620 | struct xfrm_state *x; |
| 621 | restart: | 621 | restart: |
| 622 | hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) { | 622 | hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) { |
| 623 | if (!xfrm_state_kern(x) && | 623 | if (!xfrm_state_kern(x) && |
| 624 | xfrm_id_proto_match(x->id.proto, proto)) { | 624 | xfrm_id_proto_match(x->id.proto, proto)) { |
| 625 | xfrm_state_hold(x); | 625 | xfrm_state_hold(x); |
| @@ -641,7 +641,7 @@ restart: | |||
| 641 | 641 | ||
| 642 | out: | 642 | out: |
| 643 | spin_unlock_bh(&xfrm_state_lock); | 643 | spin_unlock_bh(&xfrm_state_lock); |
| 644 | wake_up(&init_net.xfrm.km_waitq); | 644 | wake_up(&net->xfrm.km_waitq); |
| 645 | return err; | 645 | return err; |
| 646 | } | 646 | } |
| 647 | EXPORT_SYMBOL(xfrm_state_flush); | 647 | EXPORT_SYMBOL(xfrm_state_flush); |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 765c01e784e9..49a7e897ba96 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -1398,7 +1398,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1398 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1398 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
| 1399 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | 1399 | audit_info.sessionid = NETLINK_CB(skb).sessionid; |
| 1400 | audit_info.secid = NETLINK_CB(skb).sid; | 1400 | audit_info.secid = NETLINK_CB(skb).sid; |
| 1401 | err = xfrm_state_flush(p->proto, &audit_info); | 1401 | err = xfrm_state_flush(&init_net, p->proto, &audit_info); |
| 1402 | if (err) | 1402 | if (err) |
| 1403 | return err; | 1403 | return err; |
| 1404 | c.data.proto = p->proto; | 1404 | c.data.proto = p->proto; |