[IPSEC] Kill spurious hard expire messages

This patch ensures that the hard state/policy expire notifications are only sent when the state/policy is successfully removed from their respective tables. As it is, it's possible for a state/policy to both expire through reaching a hard limit, as well as being deleted by the user. Note that this behaviour isn't actually forbidden by RFC 2367. However, it is a quality of implementation issue. As an added bonus, the restructuring in this patch will help eventually in moving the expire notifications from softirq context into process context, thus improving their reliability. One important side-effect from this change is that SAs reaching their hard byte/packet limits are now deleted immediately, just like SAs that have reached their hard time limits. Previously they were announced immediately but only deleted after 30 seconds. This is bad because it prevents the system from issuing an ACQUIRE command until the existing state was deleted by the user or expires after the time is up. In the scenario where the expire notification was lost this introduces a 30 second delay into the system for no good reason. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Herbert Xu <herbert@gondor.apana.org.au> 2005-06-19 01:43:22 -0400
committer: David S. Miller <davem@davemloft.net> 2005-06-19 01:43:22 -0400
commit: 4666faab095230ec8aa62da6c33391287f281154 (patch)
tree: 36d61925bb02dd7de537ff65d35190eeebbf47fa /net/xfrm/xfrm_state.c
parent: 26b15dad9f1c19d6d4f7b999b07eaa6d98e4b375 (diff)
1 files changed, 7 insertions, 9 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 918a94c552a5..94f7416a4ab0 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -154,6 +154,7 @@ static void xfrm_timer_handler(unsigned long data)
                        next = tmo;
        }
+        x->km.dying = warn;
        if (warn)
                km_state_expired(x, 0);
 resched:
@@ -169,9 +170,8 @@ expired:
                next = 2;
                goto resched;
        }
-        if (x->id.spi != 0)
+        if (!__xfrm_state_delete(x) && x->id.spi)
                km_state_expired(x, 1);
-        __xfrm_state_delete(x);
 out:
        spin_unlock(&x->lock);
@@ -566,16 +566,18 @@ int xfrm_state_check_expire(struct xfrm_state *x)
        if (x->curlft.bytes >= x->lft.hard_byte_limit ||
            x->curlft.packets >= x->lft.hard_packet_limit) {
-                km_state_expired(x, 1);
+                x->km.state = XFRM_STATE_EXPIRED;
-                if (!mod_timer(&x->timer, jiffies + XFRM_ACQ_EXPIRES*HZ))
+                if (!mod_timer(&x->timer, jiffies))
                        xfrm_state_hold(x);
                return -EINVAL;
        }
        if (!x->km.dying &&
            (x->curlft.bytes >= x->lft.soft_byte_limit ||
-             x->curlft.packets >= x->lft.soft_packet_limit))
+             x->curlft.packets >= x->lft.soft_packet_limit)) {
+                x->km.dying = 1;
                km_state_expired(x, 0);
+        }
        return 0;
 }
 EXPORT_SYMBOL(xfrm_state_check_expire);
@@ -833,10 +835,6 @@ static void km_state_expired(struct xfrm_state *x, int hard)
 {
        struct km_event c;
-        if (hard)
-                x->km.state = XFRM_STATE_EXPIRED;
-        else
-                x->km.dying = 1;
        c.data = hard;
        c.event = XFRM_SAP_EXPIRED;
        km_state_notify(x, &c);
author	Herbert Xu <herbert@gondor.apana.org.au>	2005-06-19 01:43:22 -0400
committer	David S. Miller <davem@davemloft.net>	2005-06-19 01:43:22 -0400
commit	4666faab095230ec8aa62da6c33391287f281154 (patch)
tree	36d61925bb02dd7de537ff65d35190eeebbf47fa /net/xfrm/xfrm_state.c
parent	26b15dad9f1c19d6d4f7b999b07eaa6d98e4b375 (diff)