[IPSEC]: Sync series - SA expires

This patch allows a user to insert SA expires. This is useful to
do on an HA backup for the case of byte counts but may not be very
useful for the case of time based expiry.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 30a940b147b0a8ac48fa43dc3b1018ee627574cd..d409c9d5e2931a9be4e6c1fc860316910fe434e0 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -218,6 +218,9 @@ extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
+extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
+extern int __xfrm_state_delete(struct xfrm_state *x);
+
 struct xfrm_state_afinfo {
        unsigned short          family;
        rwlock_t                lock;

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a613b5c7d40932a6882e4b53fdca6d70eb48bda8..7784adbb336241a2d27f25deb136d373d1487315 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -52,13 +52,13 @@ static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 
 static int xfrm_state_gc_flush_bundles;
 
-static int __xfrm_state_delete(struct xfrm_state *x);
+int __xfrm_state_delete(struct xfrm_state *x);
 
 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
 
 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
-static void km_state_expired(struct xfrm_state *x, int hard);
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 
 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 {
@@ -157,7 +157,7 @@ static void xfrm_timer_handler(unsigned long data)
 
        x->km.dying = warn;
        if (warn)
-               km_state_expired(x, 0);
+               km_state_expired(x, 0, 0);
 resched:
        if (next != LONG_MAX &&
            !mod_timer(&x->timer, jiffies + make_jiffies(next)))
@@ -172,7 +172,7 @@ expired:
                goto resched;
        }
        if (!__xfrm_state_delete(x) && x->id.spi)
-               km_state_expired(x, 1);
+               km_state_expired(x, 1, 0);
 
 out:
        spin_unlock(&x->lock);
@@ -221,7 +221,7 @@ void __xfrm_state_destroy(struct xfrm_state *x)
 }
 EXPORT_SYMBOL(__xfrm_state_destroy);
 
-static int __xfrm_state_delete(struct xfrm_state *x)
+int __xfrm_state_delete(struct xfrm_state *x)
 {
        int err = -ESRCH;
 
@@ -260,6 +260,7 @@ static int __xfrm_state_delete(struct xfrm_state *x)
 
        return err;
 }
+EXPORT_SYMBOL(__xfrm_state_delete);
 
 int xfrm_state_delete(struct xfrm_state *x)
 {
@@ -595,7 +596,7 @@ int xfrm_state_check_expire(struct xfrm_state *x)
            (x->curlft.bytes >= x->lft.soft_byte_limit ||
             x->curlft.packets >= x->lft.soft_packet_limit)) {
                x->km.dying = 1;
-               km_state_expired(x, 0);
+               km_state_expired(x, 0, 0);
        }
        return 0;
 }
@@ -909,11 +910,12 @@ void km_state_notify(struct xfrm_state *x, struct km_event *c)
 EXPORT_SYMBOL(km_policy_notify);
 EXPORT_SYMBOL(km_state_notify);
 
-void km_state_expired(struct xfrm_state *x, int hard)
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
 {
        struct km_event c;
 
        c.data.hard = hard;
+       c.pid = pid;
        c.event = XFRM_MSG_EXPIRE;
        km_state_notify(x, &c);
 
@@ -921,6 +923,7 @@ void km_state_expired(struct xfrm_state *x, int hard)
                wake_up(&km_waitq);
 }
 
+EXPORT_SYMBOL(km_state_expired);
 /*
  * We send to all registered managers regardless of failure
  * We are happy with one success

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d6e6527fd8d72c2ef3a3d4b77976a37cc50d77ad..2dc1e69b2cb7bffce8f95d5a59874aa35c1ebcea 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1232,6 +1232,34 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
        return 0;
 }
 
+static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+       struct xfrm_state *x;
+       int err;
+       struct xfrm_user_expire *ue = NLMSG_DATA(nlh);
+       struct xfrm_usersa_info *p = &ue->state;
+
+       x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family);
+               err = -ENOENT;
+
+       if (x == NULL)
+               return err;
+
+       err = -EINVAL;
+
+       spin_lock_bh(&x->lock);
+       if (x->km.state != XFRM_STATE_VALID)
+               goto out;
+       km_state_expired(x, ue->hard, current->pid);
+
+       if (ue->hard)
+               __xfrm_state_delete(x);
+out:
+       spin_unlock_bh(&x->lock);
+       xfrm_state_put(x);
+       return err;
+}
+
 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
        struct xfrm_policy *xp;
@@ -1296,6 +1324,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
        [XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
        [XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info),
        [XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire),
+       [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
        [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
        [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
        [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
@@ -1320,6 +1349,7 @@ static struct xfrm_link {
                                                   .dump = xfrm_dump_policy   },
        [XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
        [XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire   },
+       [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
        [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
        [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = { .doit = xfrm_add_sa        },
        [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa      },