aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2006-08-24 06:18:09 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 18:08:42 -0400
commit9d4a706d852411154d0c91b9ffb3bec68b94b25c (patch)
tree1613607168baa8b654c300895cd7d0ffb6f18581 /net
parentf034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 (diff)
[XFRM]: Add generation count to xfrm_state and xfrm_dst.
Each xfrm_state inserted gets a new generation counter value. When a bundle is created, the xfrm_dst objects get the current generation counter of the xfrm_state they will attach to at dst->xfrm. xfrm_bundle_ok() will return false if it sees an xfrm_dst with a generation count different from the generation count of the xfrm_state that dst points to. This provides a facility by which to passively and cheaply invalidate cached IPSEC routes during SA database changes. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/xfrm4_policy.c1
-rw-r--r--net/ipv6/xfrm6_policy.c1
-rw-r--r--net/xfrm/xfrm_policy.c2
-rw-r--r--net/xfrm/xfrm_state.c3
4 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 42d8ded0f96a..479598566f1d 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -93,6 +93,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
93 93
94 xdst = (struct xfrm_dst *)dst1; 94 xdst = (struct xfrm_dst *)dst1;
95 xdst->route = &rt->u.dst; 95 xdst->route = &rt->u.dst;
96 xdst->genid = xfrm[i]->genid;
96 97
97 dst1->next = dst_prev; 98 dst1->next = dst_prev;
98 dst_prev = dst1; 99 dst_prev = dst1;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 98c2fe449b3f..9391c4c94feb 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -149,6 +149,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
149 149
150 xdst = (struct xfrm_dst *)dst1; 150 xdst = (struct xfrm_dst *)dst1;
151 xdst->route = &rt->u.dst; 151 xdst->route = &rt->u.dst;
152 xdst->genid = xfrm[i]->genid;
152 if (rt->rt6i_node) 153 if (rt->rt6i_node)
153 xdst->route_cookie = rt->rt6i_node->fn_sernum; 154 xdst->route_cookie = rt->rt6i_node->fn_sernum;
154 155
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 1732159ffd01..7fc6944ee36f 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1536,6 +1536,8 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str
1536 return 0; 1536 return 0;
1537 if (dst->xfrm->km.state != XFRM_STATE_VALID) 1537 if (dst->xfrm->km.state != XFRM_STATE_VALID)
1538 return 0; 1538 return 0;
1539 if (xdst->genid != dst->xfrm->genid)
1540 return 0;
1539 1541
1540 if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL && 1542 if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
1541 !xfrm_state_addr_flow_check(dst->xfrm, fl, family)) 1543 !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 445263c54c94..535d43c14720 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -53,6 +53,7 @@ static struct hlist_head *xfrm_state_byspi __read_mostly;
53static unsigned int xfrm_state_hmask __read_mostly; 53static unsigned int xfrm_state_hmask __read_mostly;
54static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; 54static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
55static unsigned int xfrm_state_num; 55static unsigned int xfrm_state_num;
56static unsigned int xfrm_state_genid;
56 57
57static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask) 58static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask)
58{ 59{
@@ -745,6 +746,8 @@ static void __xfrm_state_insert(struct xfrm_state *x)
745{ 746{
746 unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family); 747 unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family);
747 748
749 x->genid = ++xfrm_state_genid;
750
748 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 751 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
749 xfrm_state_hold(x); 752 xfrm_state_hold(x);
750 753