Commit 9d4a706d authored by David S. Miller's avatar David S. Miller

[XFRM]: Add generation count to xfrm_state and xfrm_dst.

Each xfrm_state inserted gets a new generation counter
value.  When a bundle is created, the xfrm_dst objects
get the current generation counter of the xfrm_state
they will attach to at dst->xfrm.

xfrm_bundle_ok() will return false if it sees an
xfrm_dst with a generation count different from the
generation count of the xfrm_state that dst points to.

This provides a facility by which to passively and
cheaply invalidate cached IPSEC routes during SA
database changes.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f034b5d4
...@@ -104,6 +104,8 @@ struct xfrm_state ...@@ -104,6 +104,8 @@ struct xfrm_state
struct xfrm_id id; struct xfrm_id id;
struct xfrm_selector sel; struct xfrm_selector sel;
u32 genid;
/* Key manger bits */ /* Key manger bits */
struct { struct {
u8 state; u8 state;
...@@ -590,6 +592,7 @@ struct xfrm_dst ...@@ -590,6 +592,7 @@ struct xfrm_dst
struct rt6_info rt6; struct rt6_info rt6;
} u; } u;
struct dst_entry *route; struct dst_entry *route;
u32 genid;
u32 route_mtu_cached; u32 route_mtu_cached;
u32 child_mtu_cached; u32 child_mtu_cached;
u32 route_cookie; u32 route_cookie;
......
...@@ -93,6 +93,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int ...@@ -93,6 +93,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
xdst = (struct xfrm_dst *)dst1; xdst = (struct xfrm_dst *)dst1;
xdst->route = &rt->u.dst; xdst->route = &rt->u.dst;
xdst->genid = xfrm[i]->genid;
dst1->next = dst_prev; dst1->next = dst_prev;
dst_prev = dst1; dst_prev = dst1;
......
...@@ -149,6 +149,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int ...@@ -149,6 +149,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
xdst = (struct xfrm_dst *)dst1; xdst = (struct xfrm_dst *)dst1;
xdst->route = &rt->u.dst; xdst->route = &rt->u.dst;
xdst->genid = xfrm[i]->genid;
if (rt->rt6i_node) if (rt->rt6i_node)
xdst->route_cookie = rt->rt6i_node->fn_sernum; xdst->route_cookie = rt->rt6i_node->fn_sernum;
......
...@@ -1536,6 +1536,8 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str ...@@ -1536,6 +1536,8 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str
return 0; return 0;
if (dst->xfrm->km.state != XFRM_STATE_VALID) if (dst->xfrm->km.state != XFRM_STATE_VALID)
return 0; return 0;
if (xdst->genid != dst->xfrm->genid)
return 0;
if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL && if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
!xfrm_state_addr_flow_check(dst->xfrm, fl, family)) !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
......
...@@ -53,6 +53,7 @@ static struct hlist_head *xfrm_state_byspi __read_mostly; ...@@ -53,6 +53,7 @@ static struct hlist_head *xfrm_state_byspi __read_mostly;
static unsigned int xfrm_state_hmask __read_mostly; static unsigned int xfrm_state_hmask __read_mostly;
static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
static unsigned int xfrm_state_num; static unsigned int xfrm_state_num;
static unsigned int xfrm_state_genid;
static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask) static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask)
{ {
...@@ -745,6 +746,8 @@ static void __xfrm_state_insert(struct xfrm_state *x) ...@@ -745,6 +746,8 @@ static void __xfrm_state_insert(struct xfrm_state *x)
{ {
unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family); unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family);
x->genid = ++xfrm_state_genid;
hlist_add_head(&x->bydst, xfrm_state_bydst+h); hlist_add_head(&x->bydst, xfrm_state_bydst+h);
xfrm_state_hold(x); xfrm_state_hold(x);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment