author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:33:32 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:33:32 -0500 |
commit | 33ffbbd52c327225a3e28485c39dc5746d81be03 (patch) | |
tree | ae11b5bbc1651fa5bb53c6c9764128ad7a8a574a | |
parent | 1121994c803f4a4f471d617443ff2a09515725e7 (diff) |
netns xfrm: policy flushing in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/xfrm.h | 2 | ||||
-rw-r--r-- | net/key/af_key.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 22 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
4 files changed, 14 insertions, 14 deletions
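--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1444,7 +1444,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
 struct xfrm_sec_ctx *ctx, int delete,
 int *err);
 struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err);
-int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
+int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
 u32 xfrm_get_acqseq(void);
 extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
 struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,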
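--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2686,7 +2686,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 audit_info.loginuid = audit_get_loginuid(current);
 audit_info.sessionid = audit_get_sessionid(current);
 audit_info.secid = 0;
-err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
+err = xfrm_policy_flush(&init_net, XFRM_POLICY_TYPE_MAIN, &audit_info);
 if (err)
 return err;
 c.data.type = XFRM_POLICY_TYPE_MAIN;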
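Review bot: Both callers hardwire `&init_net`, here in pfkey_spdflush() and again in xfrm_flush_policy() in net/xfrm/xfrm_user.c, so the namespace that gets flushed is not tied to the socket that asked for it. If either socket family can be opened outside the initial namespace (not visible from these hunks), a flush request there would drop the initial namespace's IPsec policies rather than its own. Deriving the namespace from the request keeps the scope with the caller: `err = xfrm_policy_flush(sock_net(sk), XFRM_POLICY_TYPE_MAIN, &audit_info);` here, and `sock_net(skb->sk)` in xfrm_user.c. If the hardwiring is deliberate for now, a comment such as `/* only init_net until this socket family is netns-aware */` would record the assumption. Both function bodies continue outside their hunks.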
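--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -732,7 +732,7 @@ EXPORT_SYMBOL(xfrm_policy_byid);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int
-xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 int dir, err = 0;
 
@@ -742,7 +742,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 int i;
 
 hlist_for_each_entry(pol, entry,
-&init_net.xfrm.policy_inexact[dir], bydst) {
+&net->xfrm.policy_inexact[dir], bydst) {
 if (pol->type != type)
 continue;
 err = security_xfrm_policy_delete(pol->security);
@@ -754,9 +754,9 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 return err;
 }
 }
-for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
+for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
 hlist_for_each_entry(pol, entry,
-init_net.xfrm.policy_bydst[dir].table + i,
+net->xfrm.policy_bydst[dir].table + i,
 bydst) {
 if (pol->type != type)
 continue;
@@ -776,19 +776,19 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
 }
 #else
 static inline int
-xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
+xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 return 0;
 }
 #endif
 
-int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
+int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
 int dir, err = 0;
 
 write_lock_bh(&xfrm_policy_lock);
 
-err = xfrm_policy_flush_secctx_check(type, audit_info);
+err = xfrm_policy_flush_secctx_check(net, type, audit_info);
 if (err)
 goto out;
 
@@ -800,7 +800,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 killed = 0;
 again1:
 hlist_for_each_entry(pol, entry,
-&init_net.xfrm.policy_inexact[dir], bydst) {
+&net->xfrm.policy_inexact[dir], bydst) {
 if (pol->type != type)
 continue;
 hlist_del(&pol->bydst);
@@ -818,10 +818,10 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 goto again1;
 }
 
-for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
+for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {
 again2:
 hlist_for_each_entry(pol, entry,
-init_net.xfrm.policy_bydst[dir].table + i,
+net->xfrm.policy_bydst[dir].table + i,
 bydst) {
 if (pol->type != type)
 continue;
@@ -842,7 +842,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 }
 }
 
-init_net.xfrm.policy_count[dir] -= killed;
+net->xfrm.policy_count[dir] -= killed;
 }
 atomic_inc(&flow_cache_genid);
 out: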
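Review bot: xfrm_policy_flush() gains a `net` argument that is declared in include/net/xfrm.h, yet nothing above the definition says what a caller must guarantee. `net` is dereferenced unchecked in both the LSM pre-check and the deletion loops. A short comment above the definition would pin the contract, for example `/* Flush every policy of @type in @net; @net must be valid. The LSM delete check and the removal both run after write_lock_bh(&xfrm_policy_lock). */`. It is also worth recording there that `xfrm_policy_lock` and `flow_cache_genid` are still global in the lines shown, so a flush in one namespace serialises against, and bumps the flow-cache generation for, every namespace. The bodies of xfrm_policy_flush() and the CONFIG_SECURITY_NETWORK_XFRM variant of xfrm_policy_flush_secctx_check() continue outside the hunks, including the unlock after `out:`.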
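--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1546,7 +1546,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 audit_info.loginuid = NETLINK_CB(skb).loginuid;
 audit_info.sessionid = NETLINK_CB(skb).sessionid;
 audit_info.secid = NETLINK_CB(skb).sid;
-err = xfrm_policy_flush(type, &audit_info);
+err = xfrm_policy_flush(&init_net, type, &audit_info);
 if (err)
 return err;
 c.data.type = type;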