[IPSEC 1/4] Policy Expiration


 



Hi Dave:

This is the first patch in a series towards the addition of policy
expiration and notification.  This one moves the onus to call
xfrm_policy_kill into xfrm_policy_bysel and xfrm_policy_byid.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: kernel-source-2.5/net/xfrm/xfrm_user.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_user.c,v
retrieving revision 1.7
diff -u -r1.7 xfrm_user.c
--- kernel-source-2.5/net/xfrm/xfrm_user.c	2 Jul 2003 09:14:19 -0000	1.7
+++ kernel-source-2.5/net/xfrm/xfrm_user.c	5 Jul 2003 05:02:01 -0000
@@ -783,9 +783,7 @@
 	if (xp == NULL)
 		return -ENOENT;
 
-	if (delete)
-		xfrm_policy_kill(xp);
-	else {
+	if (!delete) {
 		struct sk_buff *resp_skb;
 
 		resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq);
@@ -796,8 +794,9 @@
 					      NETLINK_CB(skb).pid,
 					      MSG_DONTWAIT);
 		}
-		xfrm_pol_put(xp);
 	}
+
+	xfrm_pol_put(xp);
 
 	return err;
 }
Index: kernel-source-2.5/net/key/af_key.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/key/af_key.c,v
retrieving revision 1.8
diff -u -r1.8 af_key.c
--- kernel-source-2.5/net/key/af_key.c	2 Jul 2003 09:15:50 -0000	1.8
+++ kernel-source-2.5/net/key/af_key.c	5 Jul 2003 05:04:28 -0000
@@ -1991,9 +1991,7 @@
 	err = 0;
 
 out:
-	if (xp) {
-		xfrm_policy_kill(xp);
-	}
+	xfrm_pol_put(xp);
 	return err;
 }
 
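Review bot: The `out:` path now calls `xfrm_pol_put(xp)` unconditionally, where the removed code guarded the release with `if (xp)`. The definition of xfrm_pol_put is not visible here, but if it decrements the refcount through its argument without a NULL check, any `goto out` taken before xp holds a valid policy becomes a NULL dereference in kernel context. Either keep the guard, `if (xp) xfrm_pol_put(xp);`, or confirm that every jump to `out` happens after a successful lookup. The same applies to the second af_key.c hunk (@@ -2033), which drops the same guard. The enclosing function starts outside the hunk.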
@@ -2033,12 +2031,7 @@
 	err = 0;
 
 out:
-	if (xp) {
-		if (hdr->sadb_msg_type == SADB_X_SPDDELETE2)
-			xfrm_policy_kill(xp);
-		else
-			xfrm_pol_put(xp);
-	}
+	xfrm_pol_put(xp);
 	return err;
 }

--- kernel-source-2.5/net/xfrm/xfrm_policy.c.orig	2003-07-06 08:58:45.000000000 +1000
+++ kernel-source-2.5/net/xfrm/xfrm_policy.c	2003-07-06 08:58:49.000000000 +1000
@@ -169,7 +169,7 @@
 	/* Not 100% correct. id can be recycled in theory */
 	xp = xfrm_policy_byid(0, index, 1);
 	if (xp) {
-		xfrm_policy_kill(xp);
+		xfrm_policy_put(xp);
 	}
 }
 
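Review bot: The replacement line calls `xfrm_policy_put(xp)`, while every other hunk in this patch drops the reference with `xfrm_pol_put`. Unless a helper with that name is defined outside the visible lines, this will not build. The line should presumably read `xfrm_pol_put(xp);`. The enclosing function starts outside the hunk.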
@@ -340,18 +340,18 @@
 	write_lock_bh(&xfrm_policy_lock);
 	for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
 		if (memcmp(sel, &pol->selector, sizeof(*sel)) == 0) {
+			xfrm_pol_hold(pol);
 			if (delete)
 				*p = pol->next;
 			break;
 		}
 	}
-	if (pol) {
-		if (delete)
-			atomic_inc(&flow_cache_genid);
-		else
-			xfrm_pol_hold(pol);
-	}
 	write_unlock_bh(&xfrm_policy_lock);
+
+	if (pol && delete) {
+		atomic_inc(&flow_cache_genid);
+		xfrm_policy_kill(pol);
+	}
 	return pol;
 }
 
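Review bot: With delete set, this lookup (xfrm_policy_bysel, going by the description) now returns a policy that is already unlinked and passed to `xfrm_policy_kill`, with a reference the caller must still drop, and nothing in the hunk documents that contract. A comment above the function such as `/* Returns the policy with a reference held; if delete is set it is already unlinked and killed, and the caller must still xfrm_pol_put() it. */` would keep a later caller from leaking the reference or killing the policy a second time. Separately, `atomic_inc(&flow_cache_genid)` now runs after `write_unlock_bh`, so there is a short window in which the policy is off the list but cached flows are not yet invalidated; it is worth confirming that this ordering is intended. Both points apply equally to the by-index lookup in the next hunk (@@ -362). The function header is outside the hunk.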
@@ -362,18 +362,18 @@
 	write_lock_bh(&xfrm_policy_lock);
 	for (p = &xfrm_policy_list[id & 7]; (pol=*p)!=NULL; p = &pol->next) {
 		if (pol->index == id) {
+			xfrm_pol_hold(pol);
 			if (delete)
 				*p = pol->next;
 			break;
 		}
 	}
-	if (pol) {
-		if (delete)
-			atomic_inc(&flow_cache_genid);
-		else
-			xfrm_pol_hold(pol);
-	}
 	write_unlock_bh(&xfrm_policy_lock);
+
+	if (pol && delete) {
+		atomic_inc(&flow_cache_genid);
+		xfrm_policy_kill(pol);
+	}
 	return pol;
 }
 
