[XFRM]: Add generation count to xfrm_state and xfrm_dst.
Each xfrm_state inserted gets a new generation counter value. When a bundle is created, the xfrm_dst objects get the current generation counter of the xfrm_state they will attach to at dst->xfrm. xfrm_bundle_ok() will return false if it sees an xfrm_dst with a generation count different from the generation count of the xfrm_state that dst points to. This provides a facility by which to passively and cheaply invalidate cached IPSEC routes during SA database changes. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
f034b5d4ef
commit
9d4a706d85
@ -104,6 +104,8 @@ struct xfrm_state
|
|||||||
struct xfrm_id id;
|
struct xfrm_id id;
|
||||||
struct xfrm_selector sel;
|
struct xfrm_selector sel;
|
||||||
|
|
||||||
|
u32 genid;
|
||||||
|
|
||||||
/* Key manger bits */
|
/* Key manger bits */
|
||||||
struct {
|
struct {
|
||||||
u8 state;
|
u8 state;
|
||||||
@ -590,6 +592,7 @@ struct xfrm_dst
|
|||||||
struct rt6_info rt6;
|
struct rt6_info rt6;
|
||||||
} u;
|
} u;
|
||||||
struct dst_entry *route;
|
struct dst_entry *route;
|
||||||
|
u32 genid;
|
||||||
u32 route_mtu_cached;
|
u32 route_mtu_cached;
|
||||||
u32 child_mtu_cached;
|
u32 child_mtu_cached;
|
||||||
u32 route_cookie;
|
u32 route_cookie;
|
||||||
|
@ -93,6 +93,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||||||
|
|
||||||
xdst = (struct xfrm_dst *)dst1;
|
xdst = (struct xfrm_dst *)dst1;
|
||||||
xdst->route = &rt->u.dst;
|
xdst->route = &rt->u.dst;
|
||||||
|
xdst->genid = xfrm[i]->genid;
|
||||||
|
|
||||||
dst1->next = dst_prev;
|
dst1->next = dst_prev;
|
||||||
dst_prev = dst1;
|
dst_prev = dst1;
|
||||||
|
@ -149,6 +149,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
|
|||||||
|
|
||||||
xdst = (struct xfrm_dst *)dst1;
|
xdst = (struct xfrm_dst *)dst1;
|
||||||
xdst->route = &rt->u.dst;
|
xdst->route = &rt->u.dst;
|
||||||
|
xdst->genid = xfrm[i]->genid;
|
||||||
if (rt->rt6i_node)
|
if (rt->rt6i_node)
|
||||||
xdst->route_cookie = rt->rt6i_node->fn_sernum;
|
xdst->route_cookie = rt->rt6i_node->fn_sernum;
|
||||||
|
|
||||||
|
@ -1536,6 +1536,8 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str
|
|||||||
return 0;
|
return 0;
|
||||||
if (dst->xfrm->km.state != XFRM_STATE_VALID)
|
if (dst->xfrm->km.state != XFRM_STATE_VALID)
|
||||||
return 0;
|
return 0;
|
||||||
|
if (xdst->genid != dst->xfrm->genid)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
|
if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
|
||||||
!xfrm_state_addr_flow_check(dst->xfrm, fl, family))
|
!xfrm_state_addr_flow_check(dst->xfrm, fl, family))
|
||||||
|
@ -53,6 +53,7 @@ static struct hlist_head *xfrm_state_byspi __read_mostly;
|
|||||||
static unsigned int xfrm_state_hmask __read_mostly;
|
static unsigned int xfrm_state_hmask __read_mostly;
|
||||||
static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
|
static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
|
||||||
static unsigned int xfrm_state_num;
|
static unsigned int xfrm_state_num;
|
||||||
|
static unsigned int xfrm_state_genid;
|
||||||
|
|
||||||
static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask)
|
static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask)
|
||||||
{
|
{
|
||||||
@ -745,6 +746,8 @@ static void __xfrm_state_insert(struct xfrm_state *x)
|
|||||||
{
|
{
|
||||||
unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family);
|
unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family);
|
||||||
|
|
||||||
|
x->genid = ++xfrm_state_genid;
|
||||||
|
|
||||||
hlist_add_head(&x->bydst, xfrm_state_bydst+h);
|
hlist_add_head(&x->bydst, xfrm_state_bydst+h);
|
||||||
xfrm_state_hold(x);
|
xfrm_state_hold(x);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user