aboutsummaryrefslogtreecommitdiffstats
path: root/net/netlabel
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-10-10 10:16:31 -0400
committerPaul Moore <paul.moore@hp.com>2008-10-10 10:16:31 -0400
commitb1edeb102397546438ab4624489c6ccd7b410d97 (patch)
treece7033f678ffe46ec3f517bb2771b9cbb04d62bb /net/netlabel
parenta8134296ba9940b5b271d908666e532d34430a3c (diff)
netlabel: Replace protocol/NetLabel linking with refrerence counts
NetLabel has always had a list of backpointers in the CIPSO DOI definition structure which pointed to the NetLabel LSM domain mapping structures which referenced the CIPSO DOI struct. The rationale for this was that when an administrator removed a CIPSO DOI from the system all of the associated NetLabel LSM domain mappings should be removed as well; a list of backpointers made this a simple operation. Unfortunately, while the backpointers did make the removal easier they were a bit of a mess from an implementation point of view which was making further development difficult. Since the removal of a CIPSO DOI is a realtively rare event it seems to make sense to remove this backpointer list as the optimization was hurting us more then it was helping. However, we still need to be able to track when a CIPSO DOI definition is being used so replace the backpointer list with a reference count. In order to preserve the current functionality of removing the associated LSM domain mappings when a CIPSO DOI is removed we walk the LSM domain mapping table, removing the relevant entries. Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel')
-rw-r--r--net/netlabel/netlabel_cipso_v4.c77
-rw-r--r--net/netlabel/netlabel_domainhash.c95
-rw-r--r--net/netlabel/netlabel_domainhash.h2
-rw-r--r--net/netlabel/netlabel_kapi.c43
-rw-r--r--net/netlabel/netlabel_mgmt.c24
5 files changed, 123 insertions, 118 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index aaf50032b3ac..5c4f60bbc82d 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -43,6 +43,7 @@
43#include "netlabel_user.h" 43#include "netlabel_user.h"
44#include "netlabel_cipso_v4.h" 44#include "netlabel_cipso_v4.h"
45#include "netlabel_mgmt.h" 45#include "netlabel_mgmt.h"
46#include "netlabel_domainhash.h"
46 47
47/* Argument struct for cipso_v4_doi_walk() */ 48/* Argument struct for cipso_v4_doi_walk() */
48struct netlbl_cipsov4_doiwalk_arg { 49struct netlbl_cipsov4_doiwalk_arg {
@@ -51,6 +52,12 @@ struct netlbl_cipsov4_doiwalk_arg {
51 u32 seq; 52 u32 seq;
52}; 53};
53 54
55/* Argument struct for netlbl_domhsh_walk() */
56struct netlbl_domhsh_walk_arg {
57 struct netlbl_audit *audit_info;
58 u32 doi;
59};
60
54/* NetLabel Generic NETLINK CIPSOv4 family */ 61/* NetLabel Generic NETLINK CIPSOv4 family */
55static struct genl_family netlbl_cipsov4_gnl_family = { 62static struct genl_family netlbl_cipsov4_gnl_family = {
56 .id = GENL_ID_GENERATE, 63 .id = GENL_ID_GENERATE,
@@ -81,32 +88,6 @@ static const struct nla_policy netlbl_cipsov4_genl_policy[NLBL_CIPSOV4_A_MAX + 1
81 */ 88 */
82 89
83/** 90/**
84 * netlbl_cipsov4_doi_free - Frees a CIPSO V4 DOI definition
85 * @entry: the entry's RCU field
86 *
87 * Description:
88 * This function is designed to be used as a callback to the call_rcu()
89 * function so that the memory allocated to the DOI definition can be released
90 * safely.
91 *
92 */
93void netlbl_cipsov4_doi_free(struct rcu_head *entry)
94{
95 struct cipso_v4_doi *ptr;
96
97 ptr = container_of(entry, struct cipso_v4_doi, rcu);
98 switch (ptr->type) {
99 case CIPSO_V4_MAP_STD:
100 kfree(ptr->map.std->lvl.cipso);
101 kfree(ptr->map.std->lvl.local);
102 kfree(ptr->map.std->cat.cipso);
103 kfree(ptr->map.std->cat.local);
104 break;
105 }
106 kfree(ptr);
107}
108
109/**
110 * netlbl_cipsov4_add_common - Parse the common sections of a ADD message 91 * netlbl_cipsov4_add_common - Parse the common sections of a ADD message
111 * @info: the Generic NETLINK info block 92 * @info: the Generic NETLINK info block
112 * @doi_def: the CIPSO V4 DOI definition 93 * @doi_def: the CIPSO V4 DOI definition
@@ -342,7 +323,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info)
342 323
343add_std_failure: 324add_std_failure:
344 if (doi_def) 325 if (doi_def)
345 netlbl_cipsov4_doi_free(&doi_def->rcu); 326 cipso_v4_doi_free(doi_def);
346 return ret_val; 327 return ret_val;
347} 328}
348 329
@@ -379,7 +360,7 @@ static int netlbl_cipsov4_add_pass(struct genl_info *info)
379 return 0; 360 return 0;
380 361
381add_pass_failure: 362add_pass_failure:
382 netlbl_cipsov4_doi_free(&doi_def->rcu); 363 cipso_v4_doi_free(doi_def);
383 return ret_val; 364 return ret_val;
384} 365}
385 366
@@ -668,6 +649,29 @@ static int netlbl_cipsov4_listall(struct sk_buff *skb,
668} 649}
669 650
670/** 651/**
652 * netlbl_cipsov4_remove_cb - netlbl_cipsov4_remove() callback for REMOVE
653 * @entry: LSM domain mapping entry
654 * @arg: the netlbl_domhsh_walk_arg structure
655 *
656 * Description:
657 * This function is intended for use by netlbl_cipsov4_remove() as the callback
658 * for the netlbl_domhsh_walk() function; it removes LSM domain map entries
659 * which are associated with the CIPSO DOI specified in @arg. Returns zero on
660 * success, negative values on failure.
661 *
662 */
663static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg)
664{
665 struct netlbl_domhsh_walk_arg *cb_arg = arg;
666
667 if (entry->type == NETLBL_NLTYPE_CIPSOV4 &&
668 entry->type_def.cipsov4->doi == cb_arg->doi)
669 return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);
670
671 return 0;
672}
673
674/**
671 * netlbl_cipsov4_remove - Handle a REMOVE message 675 * netlbl_cipsov4_remove - Handle a REMOVE message
672 * @skb: the NETLINK buffer 676 * @skb: the NETLINK buffer
673 * @info: the Generic NETLINK info block 677 * @info: the Generic NETLINK info block
@@ -681,8 +685,11 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
681{ 685{
682 int ret_val = -EINVAL; 686 int ret_val = -EINVAL;
683 u32 doi = 0; 687 u32 doi = 0;
688 struct netlbl_domhsh_walk_arg cb_arg;
684 struct audit_buffer *audit_buf; 689 struct audit_buffer *audit_buf;
685 struct netlbl_audit audit_info; 690 struct netlbl_audit audit_info;
691 u32 skip_bkt = 0;
692 u32 skip_chain = 0;
686 693
687 if (!info->attrs[NLBL_CIPSOV4_A_DOI]) 694 if (!info->attrs[NLBL_CIPSOV4_A_DOI])
688 return -EINVAL; 695 return -EINVAL;
@@ -690,11 +697,15 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
690 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); 697 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
691 netlbl_netlink_auditinfo(skb, &audit_info); 698 netlbl_netlink_auditinfo(skb, &audit_info);
692 699
693 ret_val = cipso_v4_doi_remove(doi, 700 cb_arg.doi = doi;
694 &audit_info, 701 cb_arg.audit_info = &audit_info;
695 netlbl_cipsov4_doi_free); 702 ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
696 if (ret_val == 0) 703 netlbl_cipsov4_remove_cb, &cb_arg);
697 atomic_dec(&netlabel_mgmt_protocount); 704 if (ret_val == 0 || ret_val == -ENOENT) {
705 ret_val = cipso_v4_doi_remove(doi, &audit_info);
706 if (ret_val == 0)
707 atomic_dec(&netlabel_mgmt_protocount);
708 }
698 709
699 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, 710 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
700 &audit_info); 711 &audit_info);
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index dc42206c4312..0243f0c57b41 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -217,20 +217,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
217 u32 bkt; 217 u32 bkt;
218 struct audit_buffer *audit_buf; 218 struct audit_buffer *audit_buf;
219 219
220 switch (entry->type) {
221 case NETLBL_NLTYPE_UNLABELED:
222 ret_val = 0;
223 break;
224 case NETLBL_NLTYPE_CIPSOV4:
225 ret_val = cipso_v4_doi_domhsh_add(entry->type_def.cipsov4,
226 entry->domain);
227 break;
228 default:
229 return -EINVAL;
230 }
231 if (ret_val != 0)
232 return ret_val;
233
234 entry->valid = 1; 220 entry->valid = 1;
235 INIT_RCU_HEAD(&entry->rcu); 221 INIT_RCU_HEAD(&entry->rcu);
236 222
@@ -271,16 +257,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
271 } 257 }
272 rcu_read_unlock(); 258 rcu_read_unlock();
273 259
274 if (ret_val != 0) {
275 switch (entry->type) {
276 case NETLBL_NLTYPE_CIPSOV4:
277 if (cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4,
278 entry->domain) != 0)
279 BUG();
280 break;
281 }
282 }
283
284 return ret_val; 260 return ret_val;
285} 261}
286 262
@@ -302,35 +278,26 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
302} 278}
303 279
304/** 280/**
305 * netlbl_domhsh_remove - Removes an entry from the domain hash table 281 * netlbl_domhsh_remove_entry - Removes a given entry from the domain table
306 * @domain: the domain to remove 282 * @entry: the entry to remove
307 * @audit_info: NetLabel audit information 283 * @audit_info: NetLabel audit information
308 * 284 *
309 * Description: 285 * Description:
310 * Removes an entry from the domain hash table and handles any updates to the 286 * Removes an entry from the domain hash table and handles any updates to the
311 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 287 * lower level protocol handler (i.e. CIPSO). Caller is responsible for
312 * negative on failure. 288 * ensuring that the RCU read lock is held. Returns zero on success, negative
289 * on failure.
313 * 290 *
314 */ 291 */
315int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info) 292int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
293 struct netlbl_audit *audit_info)
316{ 294{
317 int ret_val = -ENOENT; 295 int ret_val = 0;
318 struct netlbl_dom_map *entry;
319 struct audit_buffer *audit_buf; 296 struct audit_buffer *audit_buf;
320 297
321 rcu_read_lock();
322 if (domain)
323 entry = netlbl_domhsh_search(domain);
324 else
325 entry = netlbl_domhsh_search_def(domain);
326 if (entry == NULL) 298 if (entry == NULL)
327 goto remove_return; 299 return -ENOENT;
328 switch (entry->type) { 300
329 case NETLBL_NLTYPE_CIPSOV4:
330 cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4,
331 entry->domain);
332 break;
333 }
334 spin_lock(&netlbl_domhsh_lock); 301 spin_lock(&netlbl_domhsh_lock);
335 if (entry->valid) { 302 if (entry->valid) {
336 entry->valid = 0; 303 entry->valid = 0;
@@ -338,8 +305,8 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
338 list_del_rcu(&entry->list); 305 list_del_rcu(&entry->list);
339 else 306 else
340 rcu_assign_pointer(netlbl_domhsh_def, NULL); 307 rcu_assign_pointer(netlbl_domhsh_def, NULL);
341 ret_val = 0; 308 } else
342 } 309 ret_val = -ENOENT;
343 spin_unlock(&netlbl_domhsh_lock); 310 spin_unlock(&netlbl_domhsh_lock);
344 311
345 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); 312 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
@@ -351,10 +318,42 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
351 audit_log_end(audit_buf); 318 audit_log_end(audit_buf);
352 } 319 }
353 320
354remove_return: 321 if (ret_val == 0) {
355 rcu_read_unlock(); 322 switch (entry->type) {
356 if (ret_val == 0) 323 case NETLBL_NLTYPE_CIPSOV4:
324 cipso_v4_doi_putdef(entry->type_def.cipsov4);
325 break;
326 }
357 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); 327 call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
328 }
329
330 return ret_val;
331}
332
333/**
334 * netlbl_domhsh_remove - Removes an entry from the domain hash table
335 * @domain: the domain to remove
336 * @audit_info: NetLabel audit information
337 *
338 * Description:
339 * Removes an entry from the domain hash table and handles any updates to the
340 * lower level protocol handler (i.e. CIPSO). Returns zero on success,
341 * negative on failure.
342 *
343 */
344int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
345{
346 int ret_val;
347 struct netlbl_dom_map *entry;
348
349 rcu_read_lock();
350 if (domain)
351 entry = netlbl_domhsh_search(domain);
352 else
353 entry = netlbl_domhsh_search_def(domain);
354 ret_val = netlbl_domhsh_remove_entry(entry, audit_info);
355 rcu_read_unlock();
356
358 return ret_val; 357 return ret_val;
359} 358}
360 359
diff --git a/net/netlabel/netlabel_domainhash.h b/net/netlabel/netlabel_domainhash.h
index 8220990ceb96..afcc41a7432d 100644
--- a/net/netlabel/netlabel_domainhash.h
+++ b/net/netlabel/netlabel_domainhash.h
@@ -61,6 +61,8 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
61 struct netlbl_audit *audit_info); 61 struct netlbl_audit *audit_info);
62int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, 62int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
63 struct netlbl_audit *audit_info); 63 struct netlbl_audit *audit_info);
64int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
65 struct netlbl_audit *audit_info);
64int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info); 66int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
65int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info); 67int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info);
66struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain); 68struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain);
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 22faba620e4b..7d8ecea93914 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -121,10 +121,15 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
121 struct netlbl_audit *audit_info) 121 struct netlbl_audit *audit_info)
122{ 122{
123 int ret_val = -ENOMEM; 123 int ret_val = -ENOMEM;
124 u32 doi;
125 u32 doi_type;
124 struct netlbl_dom_map *entry; 126 struct netlbl_dom_map *entry;
125 const char *type_str; 127 const char *type_str;
126 struct audit_buffer *audit_buf; 128 struct audit_buffer *audit_buf;
127 129
130 doi = doi_def->doi;
131 doi_type = doi_def->type;
132
128 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 133 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
129 if (entry == NULL) 134 if (entry == NULL)
130 return -ENOMEM; 135 return -ENOMEM;
@@ -133,32 +138,25 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
133 if (entry->domain == NULL) 138 if (entry->domain == NULL)
134 goto cfg_cipsov4_add_map_failure; 139 goto cfg_cipsov4_add_map_failure;
135 } 140 }
136 entry->type = NETLBL_NLTYPE_CIPSOV4;
137 entry->type_def.cipsov4 = doi_def;
138
139 /* Grab a RCU read lock here so nothing happens to the doi_def variable
140 * between adding it to the CIPSOv4 protocol engine and adding a
141 * domain mapping for it. */
142 141
143 rcu_read_lock();
144 ret_val = cipso_v4_doi_add(doi_def); 142 ret_val = cipso_v4_doi_add(doi_def);
145 if (ret_val != 0) 143 if (ret_val != 0)
146 goto cfg_cipsov4_add_map_failure_unlock; 144 goto cfg_cipsov4_add_map_failure_remove_doi;
145 entry->type = NETLBL_NLTYPE_CIPSOV4;
146 entry->type_def.cipsov4 = cipso_v4_doi_getdef(doi);
147 if (entry->type_def.cipsov4 == NULL) {
148 ret_val = -ENOENT;
149 goto cfg_cipsov4_add_map_failure_remove_doi;
150 }
147 ret_val = netlbl_domhsh_add(entry, audit_info); 151 ret_val = netlbl_domhsh_add(entry, audit_info);
148 if (ret_val != 0) 152 if (ret_val != 0)
149 goto cfg_cipsov4_add_map_failure_remove_doi; 153 goto cfg_cipsov4_add_map_failure_release_doi;
150 rcu_read_unlock();
151
152 return 0;
153 154
154cfg_cipsov4_add_map_failure_remove_doi: 155cfg_cipsov4_add_map_return:
155 cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free);
156cfg_cipsov4_add_map_failure_unlock:
157 rcu_read_unlock();
158 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, 156 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
159 audit_info); 157 audit_info);
160 if (audit_buf != NULL) { 158 if (audit_buf != NULL) {
161 switch (doi_def->type) { 159 switch (doi_type) {
162 case CIPSO_V4_MAP_STD: 160 case CIPSO_V4_MAP_STD:
163 type_str = "std"; 161 type_str = "std";
164 break; 162 break;
@@ -170,14 +168,21 @@ cfg_cipsov4_add_map_failure_unlock:
170 } 168 }
171 audit_log_format(audit_buf, 169 audit_log_format(audit_buf,
172 " cipso_doi=%u cipso_type=%s res=%u", 170 " cipso_doi=%u cipso_type=%s res=%u",
173 doi_def->doi, type_str, ret_val == 0 ? 1 : 0); 171 doi, type_str, ret_val == 0 ? 1 : 0);
174 audit_log_end(audit_buf); 172 audit_log_end(audit_buf);
175 } 173 }
174
175 return ret_val;
176
177cfg_cipsov4_add_map_failure_release_doi:
178 cipso_v4_doi_putdef(doi_def);
179cfg_cipsov4_add_map_failure_remove_doi:
180 cipso_v4_doi_remove(doi, audit_info);
176cfg_cipsov4_add_map_failure: 181cfg_cipsov4_add_map_failure:
177 if (entry != NULL) 182 if (entry != NULL)
178 kfree(entry->domain); 183 kfree(entry->domain);
179 kfree(entry); 184 kfree(entry);
180 return ret_val; 185 goto cfg_cipsov4_add_map_return;
181} 186}
182 187
183/* 188/*
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index 44be5d5261f4..c4e18c7bc0c1 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -122,18 +122,12 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info)
122 goto add_failure; 122 goto add_failure;
123 123
124 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]); 124 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]);
125 /* We should be holding a rcu_read_lock() here while we hold
126 * the result but since the entry will always be deleted when
127 * the CIPSO DOI is deleted we aren't going to keep the
128 * lock. */
129 rcu_read_lock();
130 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val); 125 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val);
131 if (entry->type_def.cipsov4 == NULL) { 126 if (entry->type_def.cipsov4 == NULL)
132 rcu_read_unlock();
133 goto add_failure; 127 goto add_failure;
134 }
135 ret_val = netlbl_domhsh_add(entry, &audit_info); 128 ret_val = netlbl_domhsh_add(entry, &audit_info);
136 rcu_read_unlock(); 129 if (ret_val != 0)
130 cipso_v4_doi_putdef(entry->type_def.cipsov4);
137 break; 131 break;
138 default: 132 default:
139 goto add_failure; 133 goto add_failure;
@@ -294,18 +288,12 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info)
294 goto adddef_failure; 288 goto adddef_failure;
295 289
296 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]); 290 tmp_val = nla_get_u32(info->attrs[NLBL_MGMT_A_CV4DOI]);
297 /* We should be holding a rcu_read_lock() here while we hold
298 * the result but since the entry will always be deleted when
299 * the CIPSO DOI is deleted we aren't going to keep the
300 * lock. */
301 rcu_read_lock();
302 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val); 291 entry->type_def.cipsov4 = cipso_v4_doi_getdef(tmp_val);
303 if (entry->type_def.cipsov4 == NULL) { 292 if (entry->type_def.cipsov4 == NULL)
304 rcu_read_unlock();
305 goto adddef_failure; 293 goto adddef_failure;
306 }
307 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 294 ret_val = netlbl_domhsh_add_default(entry, &audit_info);
308 rcu_read_unlock(); 295 if (ret_val != 0)
296 cipso_v4_doi_putdef(entry->type_def.cipsov4);
309 break; 297 break;
310 default: 298 default:
311 goto adddef_failure; 299 goto adddef_failure;