Hi: I've split all netlink/pfkey code into kernel-netlink.c and kernel-pfkey.c respectively. Hopefully this will make it easier for this patch to be merged. I've also updated it for Linux 2.5.70. You will also need the following patch against 2.5.70 itself for it to work. It should also fix some build problems with spi/spigrp. The patch against freeswan 2.00 can be downloaded from: http://gondor.apana.org.au/~herbert/freeswan/freeswan-linux-ipsec-20030531.patch.gz I've attached the kernel patch to this message. Cheers, -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: net/core/flow.c =================================================================== RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/core/flow.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 flow.c --- net/core/flow.c 27 May 2003 08:38:40 -0000 1.1.1.1 +++ net/core/flow.c 27 May 2003 11:36:41 -0000 @@ -199,6 +199,8 @@ fle->genid = atomic_read(&flow_cache_genid); fle->object = obj; fle->object_ref = obj_ref; + if (obj) + atomic_inc(fle->object_ref); flow_count(cpu)++; } Index: net/xfrm/xfrm_policy.c =================================================================== RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_policy.c,v retrieving revision 1.1.1.3 retrieving revision 1.2 diff -u -r1.1.1.3 -r1.2 --- net/xfrm/xfrm_policy.c 27 May 2003 08:38:41 -0000 1.1.1.3 +++ net/xfrm/xfrm_policy.c 27 May 2003 09:30:57 -0000 1.2 @@ -244,22 +244,34 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) { struct xfrm_policy *pol, **p; + struct xfrm_policy *delpol = NULL; + struct xfrm_policy **newpos = NULL; write_lock_bh(&xfrm_policy_lock); for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) { - if (memcmp(&policy->selector, &pol->selector, sizeof(pol->selector)) == 0) { + if (!delpol && memcmp(&policy->selector, &pol->selector, sizeof(pol->selector)) == 0) { if (excl) { write_unlock_bh(&xfrm_policy_lock); return -EEXIST; } + *p = pol->next; + delpol = pol; + if (policy->priority > pol->priority) + continue; + } else if (policy->priority >= pol->priority) + continue; + if (!newpos) + newpos = p; + if (delpol) break; - } } + if (newpos) + p = newpos; xfrm_pol_hold(policy); - policy->next = pol ? pol->next : NULL; + policy->next = *p; *p = policy; atomic_inc(&flow_cache_genid); - policy->index = pol ? pol->index : xfrm_gen_index(dir); + policy->index = delpol ? delpol->index : xfrm_gen_index(dir); policy->curlft.add_time = (unsigned long)xtime.tv_sec; policy->curlft.use_time = 0; if (policy->lft.hard_add_expires_seconds && @@ -267,10 +279,10 @@ xfrm_pol_hold(policy); write_unlock_bh(&xfrm_policy_lock); - if (pol) { - atomic_dec(&pol->refcnt); - xfrm_policy_kill(pol); - xfrm_pol_put(pol); + if (delpol) { + atomic_dec(&delpol->refcnt); + xfrm_policy_kill(delpol); + xfrm_pol_put(delpol); } return 0; }