aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2010-01-23 08:37:10 -0500
committerDavid S. Miller <davem@davemloft.net>2010-01-24 02:10:42 -0500
commite071041be037eca208b62b84469a06bdfc692bea (patch)
treec78506a4a582555959ffeb94980cb0cd7f86eab5
parent2ca4231de7f7a5fd7137bac152030ba71f15e8c3 (diff)
netns xfrm: fix "ip xfrm state|policy count" misreport
"ip xfrm state|policy count" report SA/SP count from init_net, not from netns of caller process. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h4
-rw-r--r--net/xfrm/xfrm_policy.c16
-rw-r--r--net/xfrm/xfrm_state.c6
-rw-r--r--net/xfrm/xfrm_user.c14
4 files changed, 21 insertions, 19 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 6d85861ab990..60c27706e7b9 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1367,8 +1367,8 @@ struct xfrmk_spdinfo {
1367extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq); 1367extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq);
1368extern int xfrm_state_delete(struct xfrm_state *x); 1368extern int xfrm_state_delete(struct xfrm_state *x);
1369extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info); 1369extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
1370extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); 1370extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
1371extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); 1371extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
1372extern int xfrm_replay_check(struct xfrm_state *x, 1372extern int xfrm_replay_check(struct xfrm_state *x,
1373 struct sk_buff *skb, __be32 seq); 1373 struct sk_buff *skb, __be32 seq);
1374extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); 1374extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 4725a549ad4d..d2c8cb57ee4c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -469,16 +469,16 @@ static inline int xfrm_byidx_should_resize(struct net *net, int total)
469 return 0; 469 return 0;
470} 470}
471 471
472void xfrm_spd_getinfo(struct xfrmk_spdinfo *si) 472void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si)
473{ 473{
474 read_lock_bh(&xfrm_policy_lock); 474 read_lock_bh(&xfrm_policy_lock);
475 si->incnt = init_net.xfrm.policy_count[XFRM_POLICY_IN]; 475 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
476 si->outcnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT]; 476 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
477 si->fwdcnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD]; 477 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
478 si->inscnt = init_net.xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX]; 478 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
479 si->outscnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX]; 479 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
480 si->fwdscnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX]; 480 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
481 si->spdhcnt = init_net.xfrm.policy_idx_hmask; 481 si->spdhcnt = net->xfrm.policy_idx_hmask;
482 si->spdhmcnt = xfrm_policy_hashmax; 482 si->spdhmcnt = xfrm_policy_hashmax;
483 read_unlock_bh(&xfrm_policy_lock); 483 read_unlock_bh(&xfrm_policy_lock);
484} 484}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index d847f1a52b44..b36cc344474b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -641,11 +641,11 @@ out:
641} 641}
642EXPORT_SYMBOL(xfrm_state_flush); 642EXPORT_SYMBOL(xfrm_state_flush);
643 643
644void xfrm_sad_getinfo(struct xfrmk_sadinfo *si) 644void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
645{ 645{
646 spin_lock_bh(&xfrm_state_lock); 646 spin_lock_bh(&xfrm_state_lock);
647 si->sadcnt = init_net.xfrm.state_num; 647 si->sadcnt = net->xfrm.state_num;
648 si->sadhcnt = init_net.xfrm.state_hmask; 648 si->sadhcnt = net->xfrm.state_hmask;
649 si->sadhmcnt = xfrm_state_hashmax; 649 si->sadhmcnt = xfrm_state_hashmax;
650 spin_unlock_bh(&xfrm_state_lock); 650 spin_unlock_bh(&xfrm_state_lock);
651} 651}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1ada6186933c..d5a712976004 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -781,7 +781,8 @@ static inline size_t xfrm_spdinfo_msgsize(void)
781 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 781 + nla_total_size(sizeof(struct xfrmu_spdhinfo));
782} 782}
783 783
784static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 784static int build_spdinfo(struct sk_buff *skb, struct net *net,
785 u32 pid, u32 seq, u32 flags)
785{ 786{
786 struct xfrmk_spdinfo si; 787 struct xfrmk_spdinfo si;
787 struct xfrmu_spdinfo spc; 788 struct xfrmu_spdinfo spc;
@@ -795,7 +796,7 @@ static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags)
795 796
796 f = nlmsg_data(nlh); 797 f = nlmsg_data(nlh);
797 *f = flags; 798 *f = flags;
798 xfrm_spd_getinfo(&si); 799 xfrm_spd_getinfo(net, &si);
799 spc.incnt = si.incnt; 800 spc.incnt = si.incnt;
800 spc.outcnt = si.outcnt; 801 spc.outcnt = si.outcnt;
801 spc.fwdcnt = si.fwdcnt; 802 spc.fwdcnt = si.fwdcnt;
@@ -828,7 +829,7 @@ static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
828 if (r_skb == NULL) 829 if (r_skb == NULL)
829 return -ENOMEM; 830 return -ENOMEM;
830 831
831 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 832 if (build_spdinfo(r_skb, net, spid, seq, *flags) < 0)
832 BUG(); 833 BUG();
833 834
834 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 835 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid);
@@ -841,7 +842,8 @@ static inline size_t xfrm_sadinfo_msgsize(void)
841 + nla_total_size(4); /* XFRMA_SAD_CNT */ 842 + nla_total_size(4); /* XFRMA_SAD_CNT */
842} 843}
843 844
844static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 845static int build_sadinfo(struct sk_buff *skb, struct net *net,
846 u32 pid, u32 seq, u32 flags)
845{ 847{
846 struct xfrmk_sadinfo si; 848 struct xfrmk_sadinfo si;
847 struct xfrmu_sadhinfo sh; 849 struct xfrmu_sadhinfo sh;
@@ -854,7 +856,7 @@ static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags)
854 856
855 f = nlmsg_data(nlh); 857 f = nlmsg_data(nlh);
856 *f = flags; 858 *f = flags;
857 xfrm_sad_getinfo(&si); 859 xfrm_sad_getinfo(net, &si);
858 860
859 sh.sadhmcnt = si.sadhmcnt; 861 sh.sadhmcnt = si.sadhmcnt;
860 sh.sadhcnt = si.sadhcnt; 862 sh.sadhcnt = si.sadhcnt;
@@ -882,7 +884,7 @@ static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
882 if (r_skb == NULL) 884 if (r_skb == NULL)
883 return -ENOMEM; 885 return -ENOMEM;
884 886
885 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 887 if (build_sadinfo(r_skb, net, spid, seq, *flags) < 0)
886 BUG(); 888 BUG();
887 889
888 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 890 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid);