authorJamal Hadi Salim <hadi@cyberus.ca>2006-03-20 22:17:03 -0500
committerDavid S. Miller <davem@davemloft.net>2006-03-20 22:17:03 -0500
commit53bc6b4d29c07664f3abe029b7e6878a1067899a (patch)
treed97fc26acc763dde9d1dc15573a51253180b617f
parent980ebd25794f0f87ac32844e2c73e9e81f0a72ba (diff)
[IPSEC]: Sync series - SA expires
This patch allows a user to insert SA expires. This is useful to do on an HA backup for the case of byte counts but may not be very useful for the case of time based expiry. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h3
-rw-r--r--net/xfrm/xfrm_state.c17
-rw-r--r--net/xfrm/xfrm_user.c30
3 files changed, 43 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 30a940b147b0..d409c9d5e293 100644
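--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -218,6 +218,9 @@ extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
+extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
+extern int __xfrm_state_delete(struct xfrm_state *x);
+
 struct xfrm_state_afinfo {
  unsigned short family;
  rwlock_t lock;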
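Review bot: The new declaration of `__xfrm_state_delete()` makes a previously file-local helper part of the public header without stating its locking contract. Both call sites visible in this commit (the timer handler's expired path and `xfrm_add_sa_expire()`) call it with `x->lock` held, so a comment on the declaration such as `/* Caller must hold x->lock. */` would keep future callers from using it unlocked. The same applies to `km_state_expired()`, where a short comment that `pid` is 0 for kernel-originated expiries and the requester's id otherwise would document the new parameter.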
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a613b5c7d409..7784adbb3362 100644
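--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -52,13 +52,13 @@ static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 
 static int xfrm_state_gc_flush_bundles;
 
-static int __xfrm_state_delete(struct xfrm_state *x);
+int __xfrm_state_delete(struct xfrm_state *x);
 
 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
 
 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
-static void km_state_expired(struct xfrm_state *x, int hard);
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 
 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 {
@@ -157,7 +157,7 @@ static void xfrm_timer_handler(unsigned long data)
 
  x->km.dying = warn;
  if (warn)
- km_state_expired(x, 0);
+ km_state_expired(x, 0, 0);
 resched:
  if (next != LONG_MAX &&
  !mod_timer(&x->timer, jiffies + make_jiffies(next)))
@@ -172,7 +172,7 @@ expired:
  goto resched;
  }
  if (!__xfrm_state_delete(x) && x->id.spi)
- km_state_expired(x, 1);
+ km_state_expired(x, 1, 0);
 
 out:
  spin_unlock(&x->lock);
@@ -221,7 +221,7 @@ void __xfrm_state_destroy(struct xfrm_state *x)
 }
 EXPORT_SYMBOL(__xfrm_state_destroy);
 
-static int __xfrm_state_delete(struct xfrm_state *x)
+int __xfrm_state_delete(struct xfrm_state *x)
 {
  int err = -ESRCH;
 
@@ -260,6 +260,7 @@ static int __xfrm_state_delete(struct xfrm_state *x)
 
  return err;
 }
+EXPORT_SYMBOL(__xfrm_state_delete);
 
 int xfrm_state_delete(struct xfrm_state *x)
 {
@@ -595,7 +596,7 @@ int xfrm_state_check_expire(struct xfrm_state *x)
  (x->curlft.bytes >= x->lft.soft_byte_limit ||
  x->curlft.packets >= x->lft.soft_packet_limit)) {
  x->km.dying = 1;
- km_state_expired(x, 0);
+ km_state_expired(x, 0, 0);
  }
  return 0;
 }
@@ -909,11 +910,12 @@ void km_state_notify(struct xfrm_state *x, struct km_event *c)
 EXPORT_SYMBOL(km_policy_notify);
 EXPORT_SYMBOL(km_state_notify);
 
-void km_state_expired(struct xfrm_state *x, int hard)
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
 {
  struct km_event c;
 
  c.data.hard = hard;
+ c.pid = pid;
  c.event = XFRM_MSG_EXPIRE;
  km_state_notify(x, &c);
 
@@ -921,6 +923,7 @@ void km_state_expired(struct xfrm_state *x, int hard)
  wake_up(&km_waitq);
 }
 
+EXPORT_SYMBOL(km_state_expired);
 /*
  * We send to all registered managers regardless of failure
  * We are happy with one success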
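Review bot: In `km_state_expired()` the on-stack `struct km_event c` is still filled member by member, and the hunk adds `c.pid` without zeroing the rest of the structure. The definition of `struct km_event` is not part of this diff, but if it has any member besides `data.hard`, `pid` and `event`, that member reaches every registered key manager through `km_state_notify()` holding whatever was on the kernel stack. Putting `memset(&c, 0, sizeof(c));` before the assignments would make the event fully defined now that the function is exported to other callers. The body of the function continues between the two hunks shown here, so this reading covers only the visible lines.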
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d6e6527fd8d7..2dc1e69b2cb7 100644
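--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1232,6 +1232,34 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
  return 0;
 }
 
+static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+ struct xfrm_state *x;
+ int err;
+ struct xfrm_user_expire *ue = NLMSG_DATA(nlh);
+ struct xfrm_usersa_info *p = &ue->state;
+
+ x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family);
+ err = -ENOENT;
+
+ if (x == NULL)
+ return err;
+
+ err = -EINVAL;
+
+ spin_lock_bh(&x->lock);
+ if (x->km.state != XFRM_STATE_VALID)
+ goto out;
+ km_state_expired(x, ue->hard, current->pid);
+
+ if (ue->hard)
+ __xfrm_state_delete(x);
+out:
+ spin_unlock_bh(&x->lock);
+ xfrm_state_put(x);
+ return err;
+}
+
 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
  struct xfrm_policy *xp;
@@ -1296,6 +1324,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
  [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
  [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info),
  [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire),
+ [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
  [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
  [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
  [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
@@ -1320,6 +1349,7 @@ static struct xfrm_link {
  .dump = xfrm_dump_policy },
  [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
  [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire },
+ [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
  [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
  [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
  [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa },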
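Review bot: `xfrm_add_sa_expire()` returns -EINVAL even when the expire was applied, because `err` is set to -EINVAL before the lock is taken and nothing on the success path clears it. A userspace caller therefore cannot tell a rejected request from an accepted one; adding `err = 0;` just before the `out:` label fixes that. The return value of `__xfrm_state_delete(x)` on the hard path is also dropped, so a failed delete is invisible to the requester. Finally, `current->pid` is the calling task's pid, which may differ from the netlink port id of the requesting socket; if listeners are meant to match the notification to the sender, `nlh->nlmsg_pid` looks like the better source, to be confirmed against how the event's pid is consumed.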