diff options
| author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-03-07 22:05:34 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-03-07 22:05:34 -0500 |
| commit | eee8abe5de9cbd936b51db292c8d3c406b0e79e7 (patch) | |
| tree | eec36145a50ab08e85f45107b9ed15a1bc83535f /net/xfrm/xfrm_policy.c | |
| parent | 06aa5b4aae223ea4d623dc68e85466174bb92c84 (diff) | |
| parent | de79059ecd7cd650f3788ece978a64586921d1f1 (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[BRIDGE]: adding new device to bridge should enable if up
[IPV6]: Do not set IF_READY if device is down
[IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa
[IPSEC]: Add xfrm policy change auditing to pfkey_spdget
[IPSEC]: xfrm_policy delete security check misplaced
[CONNECTOR]: Bugfix for cn_call_callback()
[DCCP]: Revert patch which disables bidirectional mode
[IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky().
[UDP]: Reread uh pointer after pskb_trim
[NETFILTER]: nfnetlink_log: fix crash on bridged packet
[NETFILTER]: nfnetlink_log: zero-terminate prefix
[NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 946b715db5ec..0c3a70ac5075 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -735,12 +735,14 @@ EXPORT_SYMBOL(xfrm_policy_insert); | |||
| 735 | 735 | ||
| 736 | struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | 736 | struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, |
| 737 | struct xfrm_selector *sel, | 737 | struct xfrm_selector *sel, |
| 738 | struct xfrm_sec_ctx *ctx, int delete) | 738 | struct xfrm_sec_ctx *ctx, int delete, |
| 739 | int *err) | ||
| 739 | { | 740 | { |
| 740 | struct xfrm_policy *pol, *ret; | 741 | struct xfrm_policy *pol, *ret; |
| 741 | struct hlist_head *chain; | 742 | struct hlist_head *chain; |
| 742 | struct hlist_node *entry; | 743 | struct hlist_node *entry; |
| 743 | 744 | ||
| 745 | *err = 0; | ||
| 744 | write_lock_bh(&xfrm_policy_lock); | 746 | write_lock_bh(&xfrm_policy_lock); |
| 745 | chain = policy_hash_bysel(sel, sel->family, dir); | 747 | chain = policy_hash_bysel(sel, sel->family, dir); |
| 746 | ret = NULL; | 748 | ret = NULL; |
| @@ -750,6 +752,11 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | |||
| 750 | xfrm_sec_ctx_match(ctx, pol->security)) { | 752 | xfrm_sec_ctx_match(ctx, pol->security)) { |
| 751 | xfrm_pol_hold(pol); | 753 | xfrm_pol_hold(pol); |
| 752 | if (delete) { | 754 | if (delete) { |
| 755 | *err = security_xfrm_policy_delete(pol); | ||
| 756 | if (*err) { | ||
| 757 | write_unlock_bh(&xfrm_policy_lock); | ||
| 758 | return pol; | ||
| 759 | } | ||
| 753 | hlist_del(&pol->bydst); | 760 | hlist_del(&pol->bydst); |
| 754 | hlist_del(&pol->byidx); | 761 | hlist_del(&pol->byidx); |
| 755 | xfrm_policy_count[dir]--; | 762 | xfrm_policy_count[dir]--; |
| @@ -768,12 +775,14 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | |||
| 768 | } | 775 | } |
| 769 | EXPORT_SYMBOL(xfrm_policy_bysel_ctx); | 776 | EXPORT_SYMBOL(xfrm_policy_bysel_ctx); |
| 770 | 777 | ||
| 771 | struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) | 778 | struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete, |
| 779 | int *err) | ||
| 772 | { | 780 | { |
| 773 | struct xfrm_policy *pol, *ret; | 781 | struct xfrm_policy *pol, *ret; |
| 774 | struct hlist_head *chain; | 782 | struct hlist_head *chain; |
| 775 | struct hlist_node *entry; | 783 | struct hlist_node *entry; |
| 776 | 784 | ||
| 785 | *err = 0; | ||
| 777 | write_lock_bh(&xfrm_policy_lock); | 786 | write_lock_bh(&xfrm_policy_lock); |
| 778 | chain = xfrm_policy_byidx + idx_hash(id); | 787 | chain = xfrm_policy_byidx + idx_hash(id); |
| 779 | ret = NULL; | 788 | ret = NULL; |
| @@ -781,6 +790,11 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) | |||
| 781 | if (pol->type == type && pol->index == id) { | 790 | if (pol->type == type && pol->index == id) { |
| 782 | xfrm_pol_hold(pol); | 791 | xfrm_pol_hold(pol); |
| 783 | if (delete) { | 792 | if (delete) { |
| 793 | *err = security_xfrm_policy_delete(pol); | ||
| 794 | if (*err) { | ||
| 795 | write_unlock_bh(&xfrm_policy_lock); | ||
| 796 | return pol; | ||
| 797 | } | ||
| 784 | hlist_del(&pol->bydst); | 798 | hlist_del(&pol->bydst); |
| 785 | hlist_del(&pol->byidx); | 799 | hlist_del(&pol->byidx); |
| 786 | xfrm_policy_count[dir]--; | 800 | xfrm_policy_count[dir]--; |