diff options
author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:17:03 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:17:03 -0500 |
commit | 53bc6b4d29c07664f3abe029b7e6878a1067899a (patch) | |
tree | d97fc26acc763dde9d1dc15573a51253180b617f | |
parent | 980ebd25794f0f87ac32844e2c73e9e81f0a72ba (diff) |
[IPSEC]: Sync series - SA expires
This patch allows a user to insert SA expires. This is useful to
do on an HA backup for the case of byte counts but may not be very
useful for the case of time based expiry.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/xfrm.h | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 17 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 30 |
3 files changed, 43 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 30a940b147b0..d409c9d5e293 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -218,6 +218,9 @@ extern void km_state_notify(struct xfrm_state *x, struct km_event *c); | |||
218 | 218 | ||
219 | struct xfrm_tmpl; | 219 | struct xfrm_tmpl; |
220 | extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); | 220 | extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); |
221 | extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid); | ||
222 | extern int __xfrm_state_delete(struct xfrm_state *x); | ||
223 | |||
221 | struct xfrm_state_afinfo { | 224 | struct xfrm_state_afinfo { |
222 | unsigned short family; | 225 | unsigned short family; |
223 | rwlock_t lock; | 226 | rwlock_t lock; |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a613b5c7d409..7784adbb3362 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -52,13 +52,13 @@ static DEFINE_SPINLOCK(xfrm_state_gc_lock); | |||
52 | 52 | ||
53 | static int xfrm_state_gc_flush_bundles; | 53 | static int xfrm_state_gc_flush_bundles; |
54 | 54 | ||
55 | static int __xfrm_state_delete(struct xfrm_state *x); | 55 | int __xfrm_state_delete(struct xfrm_state *x); |
56 | 56 | ||
57 | static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family); | 57 | static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family); |
58 | static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); | 58 | static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo); |
59 | 59 | ||
60 | int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); | 60 | int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); |
61 | static void km_state_expired(struct xfrm_state *x, int hard); | 61 | void km_state_expired(struct xfrm_state *x, int hard, u32 pid); |
62 | 62 | ||
63 | static void xfrm_state_gc_destroy(struct xfrm_state *x) | 63 | static void xfrm_state_gc_destroy(struct xfrm_state *x) |
64 | { | 64 | { |
@@ -157,7 +157,7 @@ static void xfrm_timer_handler(unsigned long data) | |||
157 | 157 | ||
158 | x->km.dying = warn; | 158 | x->km.dying = warn; |
159 | if (warn) | 159 | if (warn) |
160 | km_state_expired(x, 0); | 160 | km_state_expired(x, 0, 0); |
161 | resched: | 161 | resched: |
162 | if (next != LONG_MAX && | 162 | if (next != LONG_MAX && |
163 | !mod_timer(&x->timer, jiffies + make_jiffies(next))) | 163 | !mod_timer(&x->timer, jiffies + make_jiffies(next))) |
@@ -172,7 +172,7 @@ expired: | |||
172 | goto resched; | 172 | goto resched; |
173 | } | 173 | } |
174 | if (!__xfrm_state_delete(x) && x->id.spi) | 174 | if (!__xfrm_state_delete(x) && x->id.spi) |
175 | km_state_expired(x, 1); | 175 | km_state_expired(x, 1, 0); |
176 | 176 | ||
177 | out: | 177 | out: |
178 | spin_unlock(&x->lock); | 178 | spin_unlock(&x->lock); |
@@ -221,7 +221,7 @@ void __xfrm_state_destroy(struct xfrm_state *x) | |||
221 | } | 221 | } |
222 | EXPORT_SYMBOL(__xfrm_state_destroy); | 222 | EXPORT_SYMBOL(__xfrm_state_destroy); |
223 | 223 | ||
224 | static int __xfrm_state_delete(struct xfrm_state *x) | 224 | int __xfrm_state_delete(struct xfrm_state *x) |
225 | { | 225 | { |
226 | int err = -ESRCH; | 226 | int err = -ESRCH; |
227 | 227 | ||
@@ -260,6 +260,7 @@ static int __xfrm_state_delete(struct xfrm_state *x) | |||
260 | 260 | ||
261 | return err; | 261 | return err; |
262 | } | 262 | } |
263 | EXPORT_SYMBOL(__xfrm_state_delete); | ||
263 | 264 | ||
264 | int xfrm_state_delete(struct xfrm_state *x) | 265 | int xfrm_state_delete(struct xfrm_state *x) |
265 | { | 266 | { |
@@ -595,7 +596,7 @@ int xfrm_state_check_expire(struct xfrm_state *x) | |||
595 | (x->curlft.bytes >= x->lft.soft_byte_limit || | 596 | (x->curlft.bytes >= x->lft.soft_byte_limit || |
596 | x->curlft.packets >= x->lft.soft_packet_limit)) { | 597 | x->curlft.packets >= x->lft.soft_packet_limit)) { |
597 | x->km.dying = 1; | 598 | x->km.dying = 1; |
598 | km_state_expired(x, 0); | 599 | km_state_expired(x, 0, 0); |
599 | } | 600 | } |
600 | return 0; | 601 | return 0; |
601 | } | 602 | } |
@@ -909,11 +910,12 @@ void km_state_notify(struct xfrm_state *x, struct km_event *c) | |||
909 | EXPORT_SYMBOL(km_policy_notify); | 910 | EXPORT_SYMBOL(km_policy_notify); |
910 | EXPORT_SYMBOL(km_state_notify); | 911 | EXPORT_SYMBOL(km_state_notify); |
911 | 912 | ||
912 | void km_state_expired(struct xfrm_state *x, int hard) | 913 | void km_state_expired(struct xfrm_state *x, int hard, u32 pid) |
913 | { | 914 | { |
914 | struct km_event c; | 915 | struct km_event c; |
915 | 916 | ||
916 | c.data.hard = hard; | 917 | c.data.hard = hard; |
918 | c.pid = pid; | ||
917 | c.event = XFRM_MSG_EXPIRE; | 919 | c.event = XFRM_MSG_EXPIRE; |
918 | km_state_notify(x, &c); | 920 | km_state_notify(x, &c); |
919 | 921 | ||
@@ -921,6 +923,7 @@ void km_state_expired(struct xfrm_state *x, int hard) | |||
921 | wake_up(&km_waitq); | 923 | wake_up(&km_waitq); |
922 | } | 924 | } |
923 | 925 | ||
926 | EXPORT_SYMBOL(km_state_expired); | ||
924 | /* | 927 | /* |
925 | * We send to all registered managers regardless of failure | 928 | * We send to all registered managers regardless of failure |
926 | * We are happy with one success | 929 | * We are happy with one success |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d6e6527fd8d7..2dc1e69b2cb7 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1232,6 +1232,34 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x | |||
1232 | return 0; | 1232 | return 0; |
1233 | } | 1233 | } |
1234 | 1234 | ||
1235 | static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | ||
1236 | { | ||
1237 | struct xfrm_state *x; | ||
1238 | int err; | ||
1239 | struct xfrm_user_expire *ue = NLMSG_DATA(nlh); | ||
1240 | struct xfrm_usersa_info *p = &ue->state; | ||
1241 | |||
1242 | x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); | ||
1243 | err = -ENOENT; | ||
1244 | |||
1245 | if (x == NULL) | ||
1246 | return err; | ||
1247 | |||
1248 | err = -EINVAL; | ||
1249 | |||
1250 | spin_lock_bh(&x->lock); | ||
1251 | if (x->km.state != XFRM_STATE_VALID) | ||
1252 | goto out; | ||
1253 | km_state_expired(x, ue->hard, current->pid); | ||
1254 | |||
1255 | if (ue->hard) | ||
1256 | __xfrm_state_delete(x); | ||
1257 | out: | ||
1258 | spin_unlock_bh(&x->lock); | ||
1259 | xfrm_state_put(x); | ||
1260 | return err; | ||
1261 | } | ||
1262 | |||
1235 | static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | 1263 | static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) |
1236 | { | 1264 | { |
1237 | struct xfrm_policy *xp; | 1265 | struct xfrm_policy *xp; |
@@ -1296,6 +1324,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { | |||
1296 | [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), | 1324 | [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), |
1297 | [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), | 1325 | [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), |
1298 | [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), | 1326 | [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), |
1327 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), | ||
1299 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), | 1328 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), |
1300 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), | 1329 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), |
1301 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), | 1330 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), |
@@ -1320,6 +1349,7 @@ static struct xfrm_link { | |||
1320 | .dump = xfrm_dump_policy }, | 1349 | .dump = xfrm_dump_policy }, |
1321 | [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, | 1350 | [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, |
1322 | [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, | 1351 | [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, |
1352 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, | ||
1323 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, | 1353 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, |
1324 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, | 1354 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, |
1325 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, | 1355 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, |