diff options
| author | David S. Miller <davem@sunset.davemloft.net> | 2006-08-24 06:18:09 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:08:42 -0400 |
| commit | 9d4a706d852411154d0c91b9ffb3bec68b94b25c (patch) | |
| tree | 1613607168baa8b654c300895cd7d0ffb6f18581 /net/xfrm/xfrm_policy.c | |
| parent | f034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 (diff) | |
[XFRM]: Add generation count to xfrm_state and xfrm_dst.
Each xfrm_state inserted gets a new generation counter
value. When a bundle is created, the xfrm_dst objects
get the current generation counter of the xfrm_state
they will attach to at dst->xfrm.
xfrm_bundle_ok() will return false if it sees an
xfrm_dst with a generation count different from the
generation count of the xfrm_state that dst points to.
This provides a facility by which to passively and
cheaply invalidate cached IPSEC routes during SA
database changes.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 1732159ffd01..7fc6944ee36f 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1536,6 +1536,8 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str | |||
| 1536 | return 0; | 1536 | return 0; |
| 1537 | if (dst->xfrm->km.state != XFRM_STATE_VALID) | 1537 | if (dst->xfrm->km.state != XFRM_STATE_VALID) |
| 1538 | return 0; | 1538 | return 0; |
| 1539 | if (xdst->genid != dst->xfrm->genid) | ||
| 1540 | return 0; | ||
| 1539 | 1541 | ||
| 1540 | if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL && | 1542 | if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL && |
| 1541 | !xfrm_state_addr_flow_check(dst->xfrm, fl, family)) | 1543 | !xfrm_state_addr_flow_check(dst->xfrm, fl, family)) |