[IPSEC]: Sync series - policy expires
authorJamal Hadi Salim <hadi@cyberus.ca>
Tue, 21 Mar 2006 03:17:25 +0000 (19:17 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 21 Mar 2006 03:17:25 +0000 (19:17 -0800)
This is similar to the SA expire insertion patch - only it inserts
expires for SP.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/xfrm.h
net/xfrm/xfrm_policy.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c

index d409c9d5e2931a9be4e6c1fc860316910fe434e0..156f52ef8a9169bd9894a1cb5d94888bb04870c3 100644 (file)
@@ -957,7 +957,7 @@ extern void xfrm_init_pmtu(struct dst_entry *dst);
 
 extern wait_queue_head_t km_waitq;
 extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
-extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard);
+extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
 
 extern void xfrm_input_init(void);
 extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);
index ae62054a9fc4c22bb41678f2c8fd64ce87e7d427..453551ec87a1d847cb6184a265d240e44b59f1eb 100644 (file)
@@ -203,7 +203,7 @@ static void xfrm_policy_timer(unsigned long data)
        }
 
        if (warn)
-               km_policy_expired(xp, dir, 0);
+               km_policy_expired(xp, dir, 0, 0);
        if (next != LONG_MAX &&
            !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
                xfrm_pol_hold(xp);
@@ -216,7 +216,7 @@ out:
 expired:
        read_unlock(&xp->lock);
        if (!xfrm_policy_delete(xp, dir))
-               km_policy_expired(xp, dir, 1);
+               km_policy_expired(xp, dir, 1, 0);
        xfrm_pol_put(xp);
 }
 
index 7784adbb336241a2d27f25deb136d373d1487315..8df547d7d61cd147e12cd7c5b667ec8e7f4cf4b9 100644 (file)
@@ -961,11 +961,12 @@ int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
 }
 EXPORT_SYMBOL(km_new_mapping);
 
-void km_policy_expired(struct xfrm_policy *pol, int dir, int hard)
+void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
 {
        struct km_event c;
 
        c.data.hard = hard;
+       c.pid = pid;
        c.event = XFRM_MSG_POLEXPIRE;
        km_policy_notify(pol, dir, &c);
 
index 2dc1e69b2cb7bffce8f95d5a59874aa35c1ebcea..b46ee7d4dae7da49bf84238f55124ed465c758b4 100644 (file)
@@ -1222,7 +1222,7 @@ out:
 
 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
-       struct km_event c;
+struct km_event c;
 
        xfrm_policy_flush();
        c.event = nlh->nlmsg_type;
@@ -1232,6 +1232,58 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
        return 0;
 }
 
+static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+       struct xfrm_policy *xp;
+       struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
+       struct xfrm_userpolicy_info *p = &up->pol;
+       int err = -ENOENT;
+
+       if (p->index)
+               xp = xfrm_policy_byid(p->dir, p->index, 0);
+       else {
+               struct rtattr **rtattrs = (struct rtattr **)xfrma;
+               struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
+               struct xfrm_policy tmp;
+
+               err = verify_sec_ctx_len(rtattrs);
+               if (err)
+                       return err;
+
+               memset(&tmp, 0, sizeof(struct xfrm_policy));
+               if (rt) {
+                       struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
+
+                       if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+                               return err;
+               }
+               xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, 0);
+               security_xfrm_policy_free(&tmp);
+       }
+
+       if (xp == NULL)
+               return err;
+                                                                                       read_lock(&xp->lock);
+       if (xp->dead) {
+               read_unlock(&xp->lock);
+               goto out;
+       }
+
+       read_unlock(&xp->lock);
+       err = 0;
+       if (up->hard) {
+               xfrm_policy_delete(xp, p->dir);
+       } else {
+               // reset the timers here?
+               printk("Dont know what to do with soft policy expire\n");
+       }
+       km_policy_expired(xp, p->dir, up->hard, current->pid);
+
+out:
+       xfrm_pol_put(xp);
+       return err;
+}
+
 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
        struct xfrm_state *x;
@@ -1327,6 +1379,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
        [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
        [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
        [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
+       [XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire),
        [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
        [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0),
        [XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
@@ -1352,6 +1405,7 @@ static struct xfrm_link {
        [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
        [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
        [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = { .doit = xfrm_add_sa        },
+       [XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire},
        [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa      },
        [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy  },
        [XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = { .doit = xfrm_new_ae  },