diff options
| author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:17:25 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:17:25 -0500 |
| commit | 6c5c8ca7ff20523e427b955aa84cef407934710f (patch) | |
| tree | 382a4b07027efd8a41638ed9c051cc9ec2506f0b /net/xfrm/xfrm_user.c | |
| parent | 53bc6b4d29c07664f3abe029b7e6878a1067899a (diff) | |
[IPSEC]: Sync series - policy expires
This is similar to the SA expire insertion patch - only it inserts
expires for SP.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2dc1e69b2cb7..b46ee7d4dae7 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -1222,7 +1222,7 @@ out: | |||
| 1222 | 1222 | ||
| 1223 | static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | 1223 | static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) |
| 1224 | { | 1224 | { |
| 1225 | struct km_event c; | 1225 | struct km_event c; |
| 1226 | 1226 | ||
| 1227 | xfrm_policy_flush(); | 1227 | xfrm_policy_flush(); |
| 1228 | c.event = nlh->nlmsg_type; | 1228 | c.event = nlh->nlmsg_type; |
| @@ -1232,6 +1232,58 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x | |||
| 1232 | return 0; | 1232 | return 0; |
| 1233 | } | 1233 | } |
| 1234 | 1234 | ||
| 1235 | static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | ||
| 1236 | { | ||
| 1237 | struct xfrm_policy *xp; | ||
| 1238 | struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); | ||
| 1239 | struct xfrm_userpolicy_info *p = &up->pol; | ||
| 1240 | int err = -ENOENT; | ||
| 1241 | |||
| 1242 | if (p->index) | ||
| 1243 | xp = xfrm_policy_byid(p->dir, p->index, 0); | ||
| 1244 | else { | ||
| 1245 | struct rtattr **rtattrs = (struct rtattr **)xfrma; | ||
| 1246 | struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1]; | ||
| 1247 | struct xfrm_policy tmp; | ||
| 1248 | |||
| 1249 | err = verify_sec_ctx_len(rtattrs); | ||
| 1250 | if (err) | ||
| 1251 | return err; | ||
| 1252 | |||
| 1253 | memset(&tmp, 0, sizeof(struct xfrm_policy)); | ||
| 1254 | if (rt) { | ||
| 1255 | struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); | ||
| 1256 | |||
| 1257 | if ((err = security_xfrm_policy_alloc(&tmp, uctx))) | ||
| 1258 | return err; | ||
| 1259 | } | ||
| 1260 | xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, 0); | ||
| 1261 | security_xfrm_policy_free(&tmp); | ||
| 1262 | } | ||
| 1263 | |||
| 1264 | if (xp == NULL) | ||
| 1265 | return err; | ||
| 1266 | read_lock(&xp->lock); | ||
| 1267 | if (xp->dead) { | ||
| 1268 | read_unlock(&xp->lock); | ||
| 1269 | goto out; | ||
| 1270 | } | ||
| 1271 | |||
| 1272 | read_unlock(&xp->lock); | ||
| 1273 | err = 0; | ||
| 1274 | if (up->hard) { | ||
| 1275 | xfrm_policy_delete(xp, p->dir); | ||
| 1276 | } else { | ||
| 1277 | // reset the timers here? | ||
| 1278 | printk("Dont know what to do with soft policy expire\n"); | ||
| 1279 | } | ||
| 1280 | km_policy_expired(xp, p->dir, up->hard, current->pid); | ||
| 1281 | |||
| 1282 | out: | ||
| 1283 | xfrm_pol_put(xp); | ||
| 1284 | return err; | ||
| 1285 | } | ||
| 1286 | |||
| 1235 | static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | 1287 | static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) |
| 1236 | { | 1288 | { |
| 1237 | struct xfrm_state *x; | 1289 | struct xfrm_state *x; |
| @@ -1327,6 +1379,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { | |||
| 1327 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), | 1379 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), |
| 1328 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), | 1380 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), |
| 1329 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), | 1381 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), |
| 1382 | [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), | ||
| 1330 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), | 1383 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), |
| 1331 | [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), | 1384 | [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), |
| 1332 | [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), | 1385 | [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), |
| @@ -1352,6 +1405,7 @@ static struct xfrm_link { | |||
| 1352 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, | 1405 | [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, |
| 1353 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, | 1406 | [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, |
| 1354 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, | 1407 | [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, |
| 1408 | [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, | ||
| 1355 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, | 1409 | [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, |
| 1356 | [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, | 1410 | [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, |
| 1357 | [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, | 1411 | [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, |