authorAlexey Dobriyan <adobriyan@gmail.com>2008-11-25 20:33:32 -0500
committerDavid S. Miller <davem@davemloft.net>2008-11-25 20:33:32 -0500
commit33ffbbd52c327225a3e28485c39dc5746d81be03 (patch)
treeae11b5bbc1651fa5bb53c6c9764128ad7a8a574a
parent1121994c803f4a4f471d617443ff2a09515725e7 (diff)
netns xfrm: policy flushing in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h2
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/xfrm/xfrm_policy.c22
-rw-r--r--net/xfrm/xfrm_user.c2
4 files changed, 14 insertions, 14 deletions
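--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1444,7 +1444,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
 					  struct xfrm_sec_ctx *ctx, int delete,
 					  int *err);
 struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err);
-int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
+int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
 u32 xfrm_get_acqseq(void);
 extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
 struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,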
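--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2686,7 +2686,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 	audit_info.loginuid = audit_get_loginuid(current);
 	audit_info.sessionid = audit_get_sessionid(current);
 	audit_info.secid = 0;
-	err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
+	err = xfrm_policy_flush(&init_net, XFRM_POLICY_TYPE_MAIN, &audit_info);
 	if (err)
 		return err;
 	c.data.type = XFRM_POLICY_TYPE_MAIN;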
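Review bot: The call at line 2689 pins the flush to `&init_net` even though `pfkey_spdflush` has the requesting socket `sk` in hand, so once the per-namespace policy tables are actually populated a SADB_X_SPDFLUSH issued from a socket in a non-initial namespace would still clear init_net's policies rather than the caller's own, a cross-namespace effect a container should not be able to trigger. If `&init_net` is meant as a placeholder for this step of the conversion, say so at the call site, e.g. `/* TODO(netns): pass sock_net(sk) once policies are per-namespace */`, so it is not mistaken for the final behaviour. Otherwise the line should presumably read `err = xfrm_policy_flush(sock_net(sk), XFRM_POLICY_TYPE_MAIN, &audit_info);`, subject to the rest of the pfkey path being converted. The body of pfkey_spdflush starts and ends outside the hunk.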
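--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -732,7 +732,7 @@ EXPORT_SYMBOL(xfrm_policy_byid);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int
-xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 	int dir, err = 0;
 
@@ -742,7 +742,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 		int i;
 
 		hlist_for_each_entry(pol, entry,
-				     &init_net.xfrm.policy_inexact[dir], bydst) {
+				     &net->xfrm.policy_inexact[dir], bydst) {
 			if (pol->type != type)
 				continue;
 			err = security_xfrm_policy_delete(pol->security);
@@ -754,9 +754,9 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 				return err;
 			}
 		}
-		for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
+		for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
 			hlist_for_each_entry(pol, entry,
-					     init_net.xfrm.policy_bydst[dir].table + i,
+					     net->xfrm.policy_bydst[dir].table + i,
 					     bydst) {
 				if (pol->type != type)
 					continue;
@@ -776,19 +776,19 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 }
 #else
 static inline int
-xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 	return 0;
 }
 #endif
 
-int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
+int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 	int dir, err = 0;
 
 	write_lock_bh(&xfrm_policy_lock);
 
-	err = xfrm_policy_flush_secctx_check(type, audit_info);
+	err = xfrm_policy_flush_secctx_check(net, type, audit_info);
 	if (err)
 		goto out;
 
@@ -800,7 +800,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 		killed = 0;
 	again1:
 		hlist_for_each_entry(pol, entry,
-				     &init_net.xfrm.policy_inexact[dir], bydst) {
+				     &net->xfrm.policy_inexact[dir], bydst) {
 			if (pol->type != type)
 				continue;
 			hlist_del(&pol->bydst);
@@ -818,10 +818,10 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 				goto again1;
 		}
 
-		for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
+		for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
 	again2:
 			hlist_for_each_entry(pol, entry,
-					     init_net.xfrm.policy_bydst[dir].table + i,
+					     net->xfrm.policy_bydst[dir].table + i,
 					     bydst) {
 				if (pol->type != type)
 					continue;
@@ -842,7 +842,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 		}
 	}
 
-		init_net.xfrm.policy_count[dir] -= killed;
+		net->xfrm.policy_count[dir] -= killed;
 	}
 	atomic_inc(&flow_cache_genid);
 out: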
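Review bot: `xfrm_policy_flush` (line 785) is now scoped to a `net`, but it still takes the single global `xfrm_policy_lock` (line 789) and bumps the global `flow_cache_genid` (line 847), so flushing one namespace's policies serialises against, and invalidates cached flows for, every namespace; that is correct today but the new argument suggests an isolation the locking does not provide, and nothing says so. A kernel-doc header on the function would remove the ambiguity: it should state that every policy of @type in @net is removed under the global policy lock, that with CONFIG_SECURITY_NETWORK_XFRM each policy is first passed to the LSM delete hook via xfrm_policy_flush_secctx_check and the first hook error is returned with nothing removed (the `goto out` at line 793 precedes the deletion loops), and that the flow cache is invalidated globally on success. The same hedge belongs on `xfrm_policy_flush_secctx_check`, whose walk of @net's tables relies on the caller holding the lock. Both functions extend past the hunk boundaries, so the walk of the `dir` loop and the `out:` path are only partly visible here.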
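--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1546,7 +1546,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 	audit_info.loginuid = NETLINK_CB(skb).loginuid;
 	audit_info.sessionid = NETLINK_CB(skb).sessionid;
 	audit_info.secid = NETLINK_CB(skb).sid;
-	err = xfrm_policy_flush(type, &audit_info);
+	err = xfrm_policy_flush(&init_net, type, &audit_info);
 	if (err)
 		return err;
 	c.data.type = type;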
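Review bot: Line 1549 hard-codes `&init_net` for the XFRM_MSG_FLUSHPOLICY handler even though the audit fields on the lines above are already taken from the requesting skb, whose socket identifies the caller's namespace; if this is deliberate for an intermediate step it deserves a marker, e.g. `/* TODO(netns): use sock_net(skb->sk) once policy tables are per-namespace */`, because as written a netlink flush from any namespace targets init_net's tables once those become distinct. If it is not intended to be temporary, the call should presumably become `err = xfrm_policy_flush(sock_net(skb->sk), type, &audit_info);`, with the notification built below it carrying the same net. xfrm_flush_policy begins and ends outside the hunk, so whether `skb->sk` is valid at this point (it should be for a netlink receive path) is not visible here.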