[PATCH] xfrm_policy: Order SPD using priority

Hi:

This patch makes sure that the SPD is ordered by priority.  I did it because
I couldn't find any other way of establishing order which violates a
MUST clause in RFC 2401.

Please let me know if there is already a way to set ordering between
policies.

BTW, for the sake of completeness, there probably should be a way to
specify the priority when deleting a policy via netlink.

Thanks,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: net/xfrm/xfrm_policy.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_policy.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 xfrm_policy.c
--- net/xfrm/xfrm_policy.c	4 May 2003 23:53:29 -0000	1.1.1.2
+++ net/xfrm/xfrm_policy.c	24 May 2003 05:01:29 -0000
@@ -381,22 +381,28 @@
 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
 {
 	struct xfrm_policy *pol, **p;
+	int delpol = 0;
 
 	write_lock_bh(&xfrm_policy_lock);
 	for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
+		if (policy->priority < pol->priority)
+			break;
+		if (policy->priority > pol->priority)
+			continue;
 		if (memcmp(&policy->selector, &pol->selector, sizeof(pol->selector)) == 0) {
 			if (excl) {
 				write_unlock_bh(&xfrm_policy_lock);
 				return -EEXIST;
 			}
+			delpol = 1;
 			break;
 		}
 	}
 	atomic_inc(&policy->refcnt);
-	policy->next = pol ? pol->next : NULL;
+	policy->next = delpol ? pol->next : pol;
 	*p = policy;
 	xfrm_policy_genid++;
-	policy->index = pol ? pol->index : xfrm_gen_index(dir);
+	policy->index = delpol ? pol->index : xfrm_gen_index(dir);
 	policy->curlft.add_time = (unsigned long)xtime.tv_sec;
 	policy->curlft.use_time = 0;
 	if (policy->lft.hard_add_expires_seconds &&
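Review bot: The duplicate check in the loop now only fires when the priorities are equal, because `if (policy->priority > pol->priority) continue;` skips the memcmp() on the selector for every entry of a different priority. An insert with excl set therefore no longer returns -EEXIST when the same selector already exists at another priority, and a non-exclusive insert leaves the old entry in the list instead of replacing it, so one selector can end up with several policies of which only the first in list order is ever matched. If that is intended, it should be stated in a comment above the loop, together with the fact that a numerically lower priority value sorts first; if not, the selector comparison needs to run across the whole list before the insertion point is chosen. This also ties in with the deletion concern in the mail: a delete keyed on the selector alone becomes ambiguous once such duplicates can exist.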
@@ -404,7 +410,7 @@
 		atomic_inc(&policy->refcnt);
 	write_unlock_bh(&xfrm_policy_lock);
 
-	if (pol) {
+	if (delpol) {
 		atomic_dec(&pol->refcnt);
 		xfrm_policy_kill(pol);
 		xfrm_pol_put(pol);
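Review bot: At `if (delpol) {` the code still dereferences `pol`, which after this patch can be non-NULL without being the replaced entry (the break on `policy->priority < pol->priority` leaves it pointing at the successor). Correctness now depends on the int flag staying in sync with the loop variable. Making delpol a `struct xfrm_policy *` initialised to NULL, assigning it `pol` at the selector match, and using `delpol` in the three calls here would remove that coupling and make it obvious which entry is being killed after the lock is dropped.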
