diff options
author | Masahide NAKAMURA <nakam@linux-ipv6.org> | 2006-08-24 01:49:28 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:08:35 -0400 |
commit | f7b6983f0feeefcd2a594138adcffe640593d8de (patch) | |
tree | 41878fad9f0f0306718fa832eac7dfa76f51222d /net/key/af_key.c | |
parent | 41a49cc3c02ace59d4dddae91ea211c330970ee3 (diff) |
[XFRM] POLICY: Support netlink socket interface for sub policy.
Sub policy can be used through netlink socket.
PF_KEY uses main only and it is TODO to support sub.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r-- | net/key/af_key.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 19e047b0e678..83b443ddc72f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -1731,7 +1731,8 @@ static u32 gen_reqid(void) | |||
1731 | ++reqid; | 1731 | ++reqid; |
1732 | if (reqid == 0) | 1732 | if (reqid == 0) |
1733 | reqid = IPSEC_MANUAL_REQID_MAX+1; | 1733 | reqid = IPSEC_MANUAL_REQID_MAX+1; |
1734 | if (xfrm_policy_walk(check_reqid, (void*)&reqid) != -EEXIST) | 1734 | if (xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid, |
1735 | (void*)&reqid) != -EEXIST) | ||
1735 | return reqid; | 1736 | return reqid; |
1736 | } while (reqid != start); | 1737 | } while (reqid != start); |
1737 | return 0; | 1738 | return 0; |
@@ -2268,7 +2269,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2268 | return err; | 2269 | return err; |
2269 | } | 2270 | } |
2270 | 2271 | ||
2271 | xp = xfrm_policy_bysel_ctx(pol->sadb_x_policy_dir-1, &sel, tmp.security, 1); | 2272 | xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, |
2273 | &sel, tmp.security, 1); | ||
2272 | security_xfrm_policy_free(&tmp); | 2274 | security_xfrm_policy_free(&tmp); |
2273 | if (xp == NULL) | 2275 | if (xp == NULL) |
2274 | return -ENOENT; | 2276 | return -ENOENT; |
@@ -2330,7 +2332,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2330 | if (dir >= XFRM_POLICY_MAX) | 2332 | if (dir >= XFRM_POLICY_MAX) |
2331 | return -EINVAL; | 2333 | return -EINVAL; |
2332 | 2334 | ||
2333 | xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id, | 2335 | xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, |
2334 | hdr->sadb_msg_type == SADB_X_SPDDELETE2); | 2336 | hdr->sadb_msg_type == SADB_X_SPDDELETE2); |
2335 | if (xp == NULL) | 2337 | if (xp == NULL) |
2336 | return -ENOENT; | 2338 | return -ENOENT; |
@@ -2378,7 +2380,7 @@ static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg * | |||
2378 | { | 2380 | { |
2379 | struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk }; | 2381 | struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk }; |
2380 | 2382 | ||
2381 | return xfrm_policy_walk(dump_sp, &data); | 2383 | return xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_sp, &data); |
2382 | } | 2384 | } |
2383 | 2385 | ||
2384 | static int key_notify_policy_flush(struct km_event *c) | 2386 | static int key_notify_policy_flush(struct km_event *c) |
@@ -2405,7 +2407,8 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2405 | { | 2407 | { |
2406 | struct km_event c; | 2408 | struct km_event c; |
2407 | 2409 | ||
2408 | xfrm_policy_flush(); | 2410 | xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN); |
2411 | c.data.type = XFRM_POLICY_TYPE_MAIN; | ||
2409 | c.event = XFRM_MSG_FLUSHPOLICY; | 2412 | c.event = XFRM_MSG_FLUSHPOLICY; |
2410 | c.pid = hdr->sadb_msg_pid; | 2413 | c.pid = hdr->sadb_msg_pid; |
2411 | c.seq = hdr->sadb_msg_seq; | 2414 | c.seq = hdr->sadb_msg_seq; |
@@ -2667,6 +2670,9 @@ static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) | |||
2667 | 2670 | ||
2668 | static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) | 2671 | static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) |
2669 | { | 2672 | { |
2673 | if (xp && xp->type != XFRM_POLICY_TYPE_MAIN) | ||
2674 | return 0; | ||
2675 | |||
2670 | switch (c->event) { | 2676 | switch (c->event) { |
2671 | case XFRM_MSG_POLEXPIRE: | 2677 | case XFRM_MSG_POLEXPIRE: |
2672 | return key_notify_policy_expire(xp, c); | 2678 | return key_notify_policy_expire(xp, c); |
@@ -2675,6 +2681,8 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e | |||
2675 | case XFRM_MSG_UPDPOLICY: | 2681 | case XFRM_MSG_UPDPOLICY: |
2676 | return key_notify_policy(xp, dir, c); | 2682 | return key_notify_policy(xp, dir, c); |
2677 | case XFRM_MSG_FLUSHPOLICY: | 2683 | case XFRM_MSG_FLUSHPOLICY: |
2684 | if (c->data.type != XFRM_POLICY_TYPE_MAIN) | ||
2685 | break; | ||
2678 | return key_notify_policy_flush(c); | 2686 | return key_notify_policy_flush(c); |
2679 | default: | 2687 | default: |
2680 | printk("pfkey: Unknown policy event %d\n", c->event); | 2688 | printk("pfkey: Unknown policy event %d\n", c->event); |