author | Masahide NAKAMURA <nakam@linux-ipv6.org> | 2006-08-24 01:49:28 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:08:35 -0400 |
commit | f7b6983f0feeefcd2a594138adcffe640593d8de (patch) | |
tree | 41878fad9f0f0306718fa832eac7dfa76f51222d /net/key | |
parent | 41a49cc3c02ace59d4dddae91ea211c330970ee3 (diff) |
[XFRM] POLICY: Support netlink socket interface for sub policy.
Sub policy can be used through netlink socket.
PF_KEY uses main only and it is TODO to support sub.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key')
-rw-r--r-- | net/key/af_key.c | 18 |
1 files changed, 13 insertions, 5 deletions
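diff --git a/net/key/af_key.c b/net/key/af_key.c
index 19e047b0e678..83b443ddc72f 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1731,7 +1731,8 @@ static u32 gen_reqid(void)
 ++reqid;
 if (reqid == 0)
 reqid = IPSEC_MANUAL_REQID_MAX+1;
-if (xfrm_policy_walk(check_reqid, (void*)&reqid) != -EEXIST)
+if (xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid,
+(void*)&reqid) != -EEXIST)
 return reqid;
 } while (reqid != start);
 return 0;
@@ -2268,7 +2269,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 return err;
 }
 
-xp = xfrm_policy_bysel_ctx(pol->sadb_x_policy_dir-1, &sel, tmp.security, 1);
+xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
+&sel, tmp.security, 1);
 security_xfrm_policy_free(&tmp);
 if (xp == NULL)
 return -ENOENT;
@@ -2330,7 +2332,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 if (dir >= XFRM_POLICY_MAX)
 return -EINVAL;
 
-xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id,
+xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
 hdr->sadb_msg_type == SADB_X_SPDDELETE2);
 if (xp == NULL)
 return -ENOENT;
@@ -2378,7 +2380,7 @@ static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *
 {
 struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk };
 
-return xfrm_policy_walk(dump_sp, &data);
+return xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_sp, &data);
 }
 
 static int key_notify_policy_flush(struct km_event *c)
@@ -2405,7 +2407,8 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 {
 struct km_event c;
 
-xfrm_policy_flush();
+xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN);
+c.data.type = XFRM_POLICY_TYPE_MAIN;
 c.event = XFRM_MSG_FLUSHPOLICY;
 c.pid = hdr->sadb_msg_pid;
 c.seq = hdr->sadb_msg_seq;
@@ -2667,6 +2670,9 @@ static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
 
 static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
 {
+if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
+return 0;
+
 switch (c->event) {
 case XFRM_MSG_POLEXPIRE:
 return key_notify_policy_expire(xp, c);
@@ -2675,6 +2681,8 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
 case XFRM_MSG_UPDPOLICY:
 return key_notify_policy(xp, dir, c);
 case XFRM_MSG_FLUSHPOLICY:
+if (c->data.type != XFRM_POLICY_TYPE_MAIN)
+break;
 return key_notify_policy_flush(c);
 default:
 printk("pfkey: Unknown policy event %d\n", c->event);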
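Review bot: The `c->data.type` test added to the XFRM_MSG_FLUSHPOLICY case of pfkey_send_policy_notify relies on every sender of that event having set the field, yet pfkey_spdflush still declares `struct km_event c;` without an initializer and assigns members one by one. A sender that omits the field would make the notifier branch on stale stack contents and could drop the flush message to PF_KEY listeners without any log line; senders outside net/key are not shown here, so this is a robustness concern rather than a confirmed bug. Zero-initialising at the declaration, e.g. `struct km_event c = { .event = XFRM_MSG_FLUSHPOLICY };`, removes the dependency on assignment order. The early `return 0` for non-main policies would also benefit from a comment such as `/* PF_KEY handles main policies only; sub-policy events are not reported to PF_KEY listeners */`, because a flush issued through pfkey_spdflush now presumably leaves sub policies installed. Both function bodies extend beyond the hunks shown.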