[IPSEC]: exporting xfrm_state_afinfo
diff --git
a/net/xfrm/xfrm_state.c
b/net/xfrm/xfrm_state.c
index da54a64ccfa3b9ffb4d4401ad3fac881591ce2dd..24f7bfd07af2f69f8443c36b263f93ef2cfdf72d 100644
--- a/
net/xfrm/xfrm_state.c
+++ b/
net/xfrm/xfrm_state.c
@@
-20,6
+20,7
@@
#include <linux/module.h>
#include <linux/cache.h>
#include <asm/uaccess.h>
#include <linux/module.h>
#include <linux/cache.h>
#include <asm/uaccess.h>
+#include <linux/audit.h>
#include "xfrm_hash.h"
#include "xfrm_hash.h"
@@
-182,9
+183,6
@@
static DEFINE_SPINLOCK(xfrm_state_gc_lock);
int __xfrm_state_delete(struct xfrm_state *x);
int __xfrm_state_delete(struct xfrm_state *x);
-static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
-static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
-
int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
@@
-238,6
+236,7
@@
static void xfrm_timer_handler(unsigned long data)
unsigned long now = (unsigned long)xtime.tv_sec;
long next = LONG_MAX;
int warn = 0;
unsigned long now = (unsigned long)xtime.tv_sec;
long next = LONG_MAX;
int warn = 0;
+ int err = 0;
spin_lock(&x->lock);
if (x->km.state == XFRM_STATE_DEAD)
spin_lock(&x->lock);
if (x->km.state == XFRM_STATE_DEAD)
@@
-295,9
+294,14
@@
expired:
next = 2;
goto resched;
}
next = 2;
goto resched;
}
- if (!__xfrm_state_delete(x) && x->id.spi)
+
+ err = __xfrm_state_delete(x);
+ if (!err && x->id.spi)
km_state_expired(x, 1, 0);
km_state_expired(x, 1, 0);
+ xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+ AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
+
out:
spin_unlock(&x->lock);
}
out:
spin_unlock(&x->lock);
}
@@
-384,9
+388,10
@@
int xfrm_state_delete(struct xfrm_state *x)
}
EXPORT_SYMBOL(xfrm_state_delete);
}
EXPORT_SYMBOL(xfrm_state_delete);
-void xfrm_state_flush(u8 proto)
+void xfrm_state_flush(u8 proto
, struct xfrm_audit *audit_info
)
{
int i;
{
int i;
+ int err = 0;
spin_lock_bh(&xfrm_state_lock);
for (i = 0; i <= xfrm_state_hmask; i++) {
spin_lock_bh(&xfrm_state_lock);
for (i = 0; i <= xfrm_state_hmask; i++) {
@@
-399,7
+404,11
@@
restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
+ err = xfrm_state_delete(x);
+ xfrm_audit_log(audit_info->loginuid,
+ audit_info->secid,
+ AUDIT_MAC_IPSEC_DELSA,
+ err ? 0 : 1, NULL, x);
xfrm_state_put(x);
spin_lock_bh(&xfrm_state_lock);
xfrm_state_put(x);
spin_lock_bh(&xfrm_state_lock);
@@
-1099,7
+1108,7
@@
int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
void *data)
{
int i;
void *data)
{
int i;
- struct xfrm_state *x;
+ struct xfrm_state *x
, *last = NULL
;
struct hlist_node *entry;
int count = 0;
int err = 0;
struct hlist_node *entry;
int count = 0;
int err = 0;
@@
-1107,24
+1116,22
@@
int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
spin_lock_bh(&xfrm_state_lock);
for (i = 0; i <= xfrm_state_hmask; i++) {
hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
spin_lock_bh(&xfrm_state_lock);
for (i = 0; i <= xfrm_state_hmask; i++) {
hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
- if (xfrm_id_proto_match(x->id.proto, proto))
- count++;
+ if (!xfrm_id_proto_match(x->id.proto, proto))
+ continue;
+ if (last) {
+ err = func(last, count, data);
+ if (err)
+ goto out;
+ }
+ last = x;
+ count++;
}
}
if (count == 0) {
err = -ENOENT;
goto out;
}
}
}
if (count == 0) {
err = -ENOENT;
goto out;
}
-
- for (i = 0; i <= xfrm_state_hmask; i++) {
- hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
- if (!xfrm_id_proto_match(x->id.proto, proto))
- continue;
- err = func(x, --count, data);
- if (err)
- goto out;
- }
- }
+ err = func(last, 0, data);
out:
spin_unlock_bh(&xfrm_state_lock);
return err;
out:
spin_unlock_bh(&xfrm_state_lock);
return err;
@@
-1448,7
+1455,7
@@
int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
}
EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
}
EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
-st
atic st
ruct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
+struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
{
struct xfrm_state_afinfo *afinfo;
if (unlikely(family >= NPROTO))
{
struct xfrm_state_afinfo *afinfo;
if (unlikely(family >= NPROTO))
@@
-1460,11
+1467,14
@@
static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
return afinfo;
}
return afinfo;
}
-
static
void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
+void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
{
read_unlock(&xfrm_state_afinfo_lock);
}
{
read_unlock(&xfrm_state_afinfo_lock);
}
+EXPORT_SYMBOL(xfrm_state_get_afinfo);
+EXPORT_SYMBOL(xfrm_state_put_afinfo);
+
/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
void xfrm_state_delete_tunnel(struct xfrm_state *x)
{
/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
void xfrm_state_delete_tunnel(struct xfrm_state *x)
{
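Review bot: In the `expired:` hunk the new `xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);` call sits in `xfrm_timer_handler`, which by its name and `unsigned long data` signature looks like a timer callback, so `current` there would be whichever task was running when the timer fired rather than anyone who asked for the SA to be removed. The DELSA record for a lifetime expiry would then carry an unrelated login uid, which makes the audit trail misleading for anyone reconstructing who deleted a security association. The call also runs before the `spin_unlock(&x->lock)` at `out:`, so `xfrm_audit_log` must not sleep; its body is not visible on this page, so that needs confirming. I would pass a fixed "no login uid" value on this path instead of reading `current`, and add a comment such as `/* expiry runs from the timer: no originating task, log as kernel-initiated */`. `xfrm_timer_handler` begins and ends outside the hunks shown here.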