aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c77
1 files changed, 65 insertions, 12 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index cb81ca35b0d6..0ecb16a9a883 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -469,16 +469,16 @@ static inline int xfrm_byidx_should_resize(struct net *net, int total)
469 return 0; 469 return 0;
470} 470}
471 471
472void xfrm_spd_getinfo(struct xfrmk_spdinfo *si) 472void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si)
473{ 473{
474 read_lock_bh(&xfrm_policy_lock); 474 read_lock_bh(&xfrm_policy_lock);
475 si->incnt = init_net.xfrm.policy_count[XFRM_POLICY_IN]; 475 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
476 si->outcnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT]; 476 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
477 si->fwdcnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD]; 477 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
478 si->inscnt = init_net.xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX]; 478 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
479 si->outscnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX]; 479 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
480 si->fwdscnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX]; 480 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
481 si->spdhcnt = init_net.xfrm.policy_idx_hmask; 481 si->spdhcnt = net->xfrm.policy_idx_hmask;
482 si->spdhmcnt = xfrm_policy_hashmax; 482 si->spdhmcnt = xfrm_policy_hashmax;
483 read_unlock_bh(&xfrm_policy_lock); 483 read_unlock_bh(&xfrm_policy_lock);
484} 484}
@@ -1309,15 +1309,28 @@ static inline int xfrm_get_tos(struct flowi *fl, int family)
1309 return tos; 1309 return tos;
1310} 1310}
1311 1311
1312static inline struct xfrm_dst *xfrm_alloc_dst(int family) 1312static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
1313{ 1313{
1314 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family); 1314 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1315 struct dst_ops *dst_ops;
1315 struct xfrm_dst *xdst; 1316 struct xfrm_dst *xdst;
1316 1317
1317 if (!afinfo) 1318 if (!afinfo)
1318 return ERR_PTR(-EINVAL); 1319 return ERR_PTR(-EINVAL);
1319 1320
1320 xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS); 1321 switch (family) {
1322 case AF_INET:
1323 dst_ops = &net->xfrm.xfrm4_dst_ops;
1324 break;
1325#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1326 case AF_INET6:
1327 dst_ops = &net->xfrm.xfrm6_dst_ops;
1328 break;
1329#endif
1330 default:
1331 BUG();
1332 }
1333 xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS);
1321 1334
1322 xfrm_policy_put_afinfo(afinfo); 1335 xfrm_policy_put_afinfo(afinfo);
1323 1336
@@ -1366,6 +1379,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1366 struct flowi *fl, 1379 struct flowi *fl,
1367 struct dst_entry *dst) 1380 struct dst_entry *dst)
1368{ 1381{
1382 struct net *net = xp_net(policy);
1369 unsigned long now = jiffies; 1383 unsigned long now = jiffies;
1370 struct net_device *dev; 1384 struct net_device *dev;
1371 struct dst_entry *dst_prev = NULL; 1385 struct dst_entry *dst_prev = NULL;
@@ -1389,7 +1403,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1389 dst_hold(dst); 1403 dst_hold(dst);
1390 1404
1391 for (; i < nx; i++) { 1405 for (; i < nx; i++) {
1392 struct xfrm_dst *xdst = xfrm_alloc_dst(family); 1406 struct xfrm_dst *xdst = xfrm_alloc_dst(net, family);
1393 struct dst_entry *dst1 = &xdst->u.dst; 1407 struct dst_entry *dst1 = &xdst->u.dst;
1394 1408
1395 err = PTR_ERR(xdst); 1409 err = PTR_ERR(xdst);
@@ -1445,7 +1459,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1445 if (!dev) 1459 if (!dev)
1446 goto free_dst; 1460 goto free_dst;
1447 1461
1448 /* Copy neighbout for reachability confirmation */ 1462 /* Copy neighbour for reachability confirmation */
1449 dst0->neighbour = neigh_clone(dst->neighbour); 1463 dst0->neighbour = neigh_clone(dst->neighbour);
1450 1464
1451 xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len); 1465 xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len);
@@ -2279,6 +2293,7 @@ EXPORT_SYMBOL(xfrm_bundle_ok);
2279 2293
2280int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) 2294int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2281{ 2295{
2296 struct net *net;
2282 int err = 0; 2297 int err = 0;
2283 if (unlikely(afinfo == NULL)) 2298 if (unlikely(afinfo == NULL))
2284 return -EINVAL; 2299 return -EINVAL;
@@ -2302,6 +2317,27 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2302 xfrm_policy_afinfo[afinfo->family] = afinfo; 2317 xfrm_policy_afinfo[afinfo->family] = afinfo;
2303 } 2318 }
2304 write_unlock_bh(&xfrm_policy_afinfo_lock); 2319 write_unlock_bh(&xfrm_policy_afinfo_lock);
2320
2321 rtnl_lock();
2322 for_each_net(net) {
2323 struct dst_ops *xfrm_dst_ops;
2324
2325 switch (afinfo->family) {
2326 case AF_INET:
2327 xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops;
2328 break;
2329#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2330 case AF_INET6:
2331 xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops;
2332 break;
2333#endif
2334 default:
2335 BUG();
2336 }
2337 *xfrm_dst_ops = *afinfo->dst_ops;
2338 }
2339 rtnl_unlock();
2340
2305 return err; 2341 return err;
2306} 2342}
2307EXPORT_SYMBOL(xfrm_policy_register_afinfo); 2343EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -2332,6 +2368,22 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
2332} 2368}
2333EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); 2369EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
2334 2370
2371static void __net_init xfrm_dst_ops_init(struct net *net)
2372{
2373 struct xfrm_policy_afinfo *afinfo;
2374
2375 read_lock_bh(&xfrm_policy_afinfo_lock);
2376 afinfo = xfrm_policy_afinfo[AF_INET];
2377 if (afinfo)
2378 net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops;
2379#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2380 afinfo = xfrm_policy_afinfo[AF_INET6];
2381 if (afinfo)
2382 net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops;
2383#endif
2384 read_unlock_bh(&xfrm_policy_afinfo_lock);
2385}
2386
2335static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family) 2387static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
2336{ 2388{
2337 struct xfrm_policy_afinfo *afinfo; 2389 struct xfrm_policy_afinfo *afinfo;
@@ -2494,6 +2546,7 @@ static int __net_init xfrm_net_init(struct net *net)
2494 rv = xfrm_policy_init(net); 2546 rv = xfrm_policy_init(net);
2495 if (rv < 0) 2547 if (rv < 0)
2496 goto out_policy; 2548 goto out_policy;
2549 xfrm_dst_ops_init(net);
2497 rv = xfrm_sysctl_init(net); 2550 rv = xfrm_sysctl_init(net);
2498 if (rv < 0) 2551 if (rv < 0)
2499 goto out_sysctl; 2552 goto out_sysctl;