diff options
author | Jamal Hadi Salim <hadi@cyberus.ca> | 2010-02-18 21:00:42 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-19 16:11:50 -0500 |
commit | 2f1eb65f366b81aa3c22c31e6e8db26168777ec5 (patch) | |
tree | 3c838f5801d0842c586519ddd4d991e22ac3ecd0 /net/xfrm/xfrm_policy.c | |
parent | 9e64cc9572b43afcbcd2d004538db435f2cd0587 (diff) |
xfrm: Flushing empty SPD generates false events
To see the effect make sure you have an empty SPD.
On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
You get prompt back in window2 and you see the flush event on window1.
With this fix, you still get prompt on window1 but no event on window2.
Thanks to Alexey Dobriyan for finding a bug in earlier version
when using pfkey to do the flushing.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 4368e7b88469..d6eb16d75243 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -771,7 +771,8 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi | |||
771 | 771 | ||
772 | int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | 772 | int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) |
773 | { | 773 | { |
774 | int dir, err = 0; | 774 | int dir, err = 0, cnt = 0; |
775 | struct xfrm_policy *dp; | ||
775 | 776 | ||
776 | write_lock_bh(&xfrm_policy_lock); | 777 | write_lock_bh(&xfrm_policy_lock); |
777 | 778 | ||
@@ -789,8 +790,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | |||
789 | &net->xfrm.policy_inexact[dir], bydst) { | 790 | &net->xfrm.policy_inexact[dir], bydst) { |
790 | if (pol->type != type) | 791 | if (pol->type != type) |
791 | continue; | 792 | continue; |
792 | __xfrm_policy_unlink(pol, dir); | 793 | dp = __xfrm_policy_unlink(pol, dir); |
793 | write_unlock_bh(&xfrm_policy_lock); | 794 | write_unlock_bh(&xfrm_policy_lock); |
795 | if (dp) | ||
796 | cnt++; | ||
794 | 797 | ||
795 | xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, | 798 | xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, |
796 | audit_info->sessionid, | 799 | audit_info->sessionid, |
@@ -809,8 +812,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | |||
809 | bydst) { | 812 | bydst) { |
810 | if (pol->type != type) | 813 | if (pol->type != type) |
811 | continue; | 814 | continue; |
812 | __xfrm_policy_unlink(pol, dir); | 815 | dp = __xfrm_policy_unlink(pol, dir); |
813 | write_unlock_bh(&xfrm_policy_lock); | 816 | write_unlock_bh(&xfrm_policy_lock); |
817 | if (dp) | ||
818 | cnt++; | ||
814 | 819 | ||
815 | xfrm_audit_policy_delete(pol, 1, | 820 | xfrm_audit_policy_delete(pol, 1, |
816 | audit_info->loginuid, | 821 | audit_info->loginuid, |
@@ -824,6 +829,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) | |||
824 | } | 829 | } |
825 | 830 | ||
826 | } | 831 | } |
832 | if (!cnt) | ||
833 | err = -ESRCH; | ||
827 | atomic_inc(&flow_cache_genid); | 834 | atomic_inc(&flow_cache_genid); |
828 | out: | 835 | out: |
829 | write_unlock_bh(&xfrm_policy_lock); | 836 | write_unlock_bh(&xfrm_policy_lock); |