[IPSEC]: Sync series - policy expires

This is similar to the SA expire insertion patch - only it inserts
expires for SP.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>

4 files changed, 60 insertions, 5 deletions

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index d409c9d5e293..156f52ef8a91 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -957,7 +957,7 @@ extern void xfrm_init_pmtu(struct dst_entry *dst);
 
 extern wait_queue_head_t km_waitq;
 extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
-extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard);
+extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
 
 extern void xfrm_input_init(void);
 extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ae62054a9fc4..453551ec87a1 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -203,7 +203,7 @@ static void xfrm_policy_timer(unsigned long data)
         }
 
         if (warn)
-                km_policy_expired(xp, dir, 0);
+                km_policy_expired(xp, dir, 0, 0);
         if (next != LONG_MAX &&
             !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
                 xfrm_pol_hold(xp);
@@ -216,7 +216,7 @@ out:
 expired:
         read_unlock(&xp->lock);
         if (!xfrm_policy_delete(xp, dir))
-                km_policy_expired(xp, dir, 1);
+                km_policy_expired(xp, dir, 1, 0);
         xfrm_pol_put(xp);
 }
 
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7784adbb3362..8df547d7d61c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -961,11 +961,12 @@ int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
 }
 EXPORT_SYMBOL(km_new_mapping);
 
-void km_policy_expired(struct xfrm_policy *pol, int dir, int hard)
+void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
 {
         struct km_event c;
 
         c.data.hard = hard;
+        c.pid = pid;
         c.event = XFRM_MSG_POLEXPIRE;
         km_policy_notify(pol, dir, &c);
 
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2dc1e69b2cb7..b46ee7d4dae7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1222,7 +1222,7 @@ out:
 
 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
-        struct km_event c;
+struct km_event c;
 
         xfrm_policy_flush();
         c.event = nlh->nlmsg_type;
@@ -1232,6 +1232,58 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
         return 0;
 }
 
+static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+        struct xfrm_policy *xp;
+        struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
+        struct xfrm_userpolicy_info *p = &up->pol;
+        int err = -ENOENT;
+
+        if (p->index)
+                xp = xfrm_policy_byid(p->dir, p->index, 0);
+        else {
+                struct rtattr **rtattrs = (struct rtattr **)xfrma;
+                struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
+                struct xfrm_policy tmp;
+
+                err = verify_sec_ctx_len(rtattrs);
+                if (err)
+                        return err;
+
+                memset(&tmp, 0, sizeof(struct xfrm_policy));
+                if (rt) {
+                        struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
+
+                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+                                return err;
+                }
+                xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, 0);
+                security_xfrm_policy_free(&tmp);
+        }
+
+        if (xp == NULL)
+                return err;
+                                                                                        read_lock(&xp->lock);
+        if (xp->dead) {
+                read_unlock(&xp->lock);
+                goto out;
+        }
+
+        read_unlock(&xp->lock);
+        err = 0;
+        if (up->hard) {
+                xfrm_policy_delete(xp, p->dir);
+        } else {
+                // reset the timers here?
+                printk("Dont know what to do with soft policy expire\n");
+        }
+        km_policy_expired(xp, p->dir, up->hard, current->pid);
+
+out:
+        xfrm_pol_put(xp);
+        return err;
+}
+
 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
         struct xfrm_state *x;
@@ -1327,6 +1379,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
         [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
         [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
         [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
+        [XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire),
         [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
         [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0),
         [XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
@@ -1352,6 +1405,7 @@ static struct xfrm_link {
         [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
         [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
         [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = { .doit = xfrm_add_sa        },
+        [XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire},
         [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa      },
         [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy  },
         [XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = { .doit = xfrm_new_ae  },