[IPSEC]: Perform SA switchover immediately.

When we insert a new xfrm_state which potentially
subsumes an existing one, make sure all cached
bundles are flushed so that the new SA is used
immediately.

Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 5 insertions, 0 deletions

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7cf48aa6c95b..479effc97666 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -431,6 +431,8 @@ void xfrm_state_insert(struct xfrm_state *x)
         spin_lock_bh(&xfrm_state_lock);
         __xfrm_state_insert(x);
         spin_unlock_bh(&xfrm_state_lock);
+
+        xfrm_flush_all_bundles();
 }
 EXPORT_SYMBOL(xfrm_state_insert);
 
@@ -478,6 +480,9 @@ out:
         spin_unlock_bh(&xfrm_state_lock);
         xfrm_state_put_afinfo(afinfo);
 
+        if (!err)
+                xfrm_flush_all_bundles();
+
         if (x1) {
                 xfrm_state_delete(x1);
                 xfrm_state_put(x1);