[XFRM] POLICY: Support netlink socket interface for sub policy.
Sub policies can be used through the netlink socket interface. PF_KEY uses the main policy type only; supporting sub policies there is still a TODO. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
41a49cc3c0
commit
f7b6983f0f
|
@ -230,6 +230,12 @@ enum xfrm_ae_ftype_t {
|
||||||
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
|
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct xfrm_userpolicy_type {
|
||||||
|
__u8 type;
|
||||||
|
__u16 reserved1;
|
||||||
|
__u8 reserved2;
|
||||||
|
};
|
||||||
|
|
||||||
/* Netlink message attributes. */
|
/* Netlink message attributes. */
|
||||||
enum xfrm_attr_type_t {
|
enum xfrm_attr_type_t {
|
||||||
XFRMA_UNSPEC,
|
XFRMA_UNSPEC,
|
||||||
|
@ -248,6 +254,7 @@ enum xfrm_attr_type_t {
|
||||||
XFRMA_SRCADDR, /* xfrm_address_t */
|
XFRMA_SRCADDR, /* xfrm_address_t */
|
||||||
XFRMA_COADDR, /* xfrm_address_t */
|
XFRMA_COADDR, /* xfrm_address_t */
|
||||||
XFRMA_LASTUSED,
|
XFRMA_LASTUSED,
|
||||||
|
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
|
||||||
__XFRMA_MAX
|
__XFRMA_MAX
|
||||||
|
|
||||||
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
#define XFRMA_MAX (__XFRMA_MAX - 1)
|
||||||
|
|
|
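Review bot: struct xfrm_userpolicy_type as declared (`__u8 type; __u16 reserved1; __u8 reserved2;`) leaves an implicit padding byte after `type` and another after `reserved2` under natural alignment, which is an awkward layout for a structure exchanged with userspace. Ordering the members as `__u8 type; __u8 reserved2; __u16 reserved1;` would give a 4-byte structure with no holes. If the layout has to stay as written, a comment such as `/* reserved fields and padding must be zero */` would record the rule that the kernel-side senders on this page already follow by clearing the struct with memset() before filling it in.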
@ -203,6 +203,7 @@ struct km_event
|
||||||
u32 proto;
|
u32 proto;
|
||||||
u32 byid;
|
u32 byid;
|
||||||
u32 aevent;
|
u32 aevent;
|
||||||
|
u32 type;
|
||||||
} data;
|
} data;
|
||||||
|
|
||||||
u32 seq;
|
u32 seq;
|
||||||
|
|
|
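Review bot: The new `u32 type` member inside km_event's `data` block has no comment saying which events fill it in, and nothing in the hunk distinguishes it from its neighbours. On this page only the policy-flush paths assign it and only the flush notifiers read it, so a comment along the lines of `u32 type; /* policy type (XFRM_POLICY_TYPE_*), set for policy flush events */` would tell other event producers whether they need to initialise it. The enclosing struct starts outside the hunk.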
@ -1731,7 +1731,8 @@ static u32 gen_reqid(void)
|
||||||
++reqid;
|
++reqid;
|
||||||
if (reqid == 0)
|
if (reqid == 0)
|
||||||
reqid = IPSEC_MANUAL_REQID_MAX+1;
|
reqid = IPSEC_MANUAL_REQID_MAX+1;
|
||||||
if (xfrm_policy_walk(check_reqid, (void*)&reqid) != -EEXIST)
|
if (xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid,
|
||||||
|
(void*)&reqid) != -EEXIST)
|
||||||
return reqid;
|
return reqid;
|
||||||
} while (reqid != start);
|
} while (reqid != start);
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -2268,7 +2269,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
xp = xfrm_policy_bysel_ctx(pol->sadb_x_policy_dir-1, &sel, tmp.security, 1);
|
xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
|
||||||
|
&sel, tmp.security, 1);
|
||||||
security_xfrm_policy_free(&tmp);
|
security_xfrm_policy_free(&tmp);
|
||||||
if (xp == NULL)
|
if (xp == NULL)
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
@ -2330,7 +2332,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
|
||||||
if (dir >= XFRM_POLICY_MAX)
|
if (dir >= XFRM_POLICY_MAX)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id,
|
xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
|
||||||
hdr->sadb_msg_type == SADB_X_SPDDELETE2);
|
hdr->sadb_msg_type == SADB_X_SPDDELETE2);
|
||||||
if (xp == NULL)
|
if (xp == NULL)
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
@ -2378,7 +2380,7 @@ static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *
|
||||||
{
|
{
|
||||||
struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk };
|
struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk };
|
||||||
|
|
||||||
return xfrm_policy_walk(dump_sp, &data);
|
return xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_sp, &data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int key_notify_policy_flush(struct km_event *c)
|
static int key_notify_policy_flush(struct km_event *c)
|
||||||
|
@ -2405,7 +2407,8 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
|
||||||
{
|
{
|
||||||
struct km_event c;
|
struct km_event c;
|
||||||
|
|
||||||
xfrm_policy_flush();
|
xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN);
|
||||||
|
c.data.type = XFRM_POLICY_TYPE_MAIN;
|
||||||
c.event = XFRM_MSG_FLUSHPOLICY;
|
c.event = XFRM_MSG_FLUSHPOLICY;
|
||||||
c.pid = hdr->sadb_msg_pid;
|
c.pid = hdr->sadb_msg_pid;
|
||||||
c.seq = hdr->sadb_msg_seq;
|
c.seq = hdr->sadb_msg_seq;
|
||||||
|
@ -2667,6 +2670,9 @@ static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
|
||||||
|
|
||||||
static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
|
static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
|
||||||
{
|
{
|
||||||
|
if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
|
||||||
|
return 0;
|
||||||
|
|
||||||
switch (c->event) {
|
switch (c->event) {
|
||||||
case XFRM_MSG_POLEXPIRE:
|
case XFRM_MSG_POLEXPIRE:
|
||||||
return key_notify_policy_expire(xp, c);
|
return key_notify_policy_expire(xp, c);
|
||||||
|
@ -2675,6 +2681,8 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
|
||||||
case XFRM_MSG_UPDPOLICY:
|
case XFRM_MSG_UPDPOLICY:
|
||||||
return key_notify_policy(xp, dir, c);
|
return key_notify_policy(xp, dir, c);
|
||||||
case XFRM_MSG_FLUSHPOLICY:
|
case XFRM_MSG_FLUSHPOLICY:
|
||||||
|
if (c->data.type != XFRM_POLICY_TYPE_MAIN)
|
||||||
|
break;
|
||||||
return key_notify_policy_flush(c);
|
return key_notify_policy_flush(c);
|
||||||
default:
|
default:
|
||||||
printk("pfkey: Unknown policy event %d\n", c->event);
|
printk("pfkey: Unknown policy event %d\n", c->event);
|
||||||
|
|
|
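Review bot: gen_reqid() now tests candidate reqids only against main policies (`xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid, ...)`), so a reqid already referenced by a sub policy would presumably not be seen as taken when CONFIG_XFRM_SUB_POLICY is enabled. If that is intended because PF_KEY handles main policies only, say so at the call site, e.g. `/* sub policies are not checked: PF_KEY handles main policies only */`. Otherwise the sub type should be walked as well under `#ifdef CONFIG_XFRM_SUB_POLICY` before the candidate is returned. The function body starts outside the hunk, so this is based on the visible loop only.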
@ -786,6 +786,22 @@ static int verify_policy_dir(__u8 dir)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int verify_policy_type(__u8 type)
|
||||||
|
{
|
||||||
|
switch (type) {
|
||||||
|
case XFRM_POLICY_TYPE_MAIN:
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
case XFRM_POLICY_TYPE_SUB:
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return -EINVAL;
|
||||||
|
};
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
|
static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
|
||||||
{
|
{
|
||||||
switch (p->share) {
|
switch (p->share) {
|
||||||
|
@ -879,6 +895,29 @@ static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma)
|
||||||
|
{
|
||||||
|
struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1];
|
||||||
|
struct xfrm_userpolicy_type *upt;
|
||||||
|
__u8 type = XFRM_POLICY_TYPE_MAIN;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
if (rt) {
|
||||||
|
if (rt->rta_len < sizeof(*upt))
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
upt = RTA_DATA(rt);
|
||||||
|
type = upt->type;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = verify_policy_type(type);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
*tp = type;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p)
|
static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p)
|
||||||
{
|
{
|
||||||
xp->priority = p->priority;
|
xp->priority = p->priority;
|
||||||
|
@ -917,16 +956,20 @@ static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p,
|
||||||
|
|
||||||
copy_from_user_policy(xp, p);
|
copy_from_user_policy(xp, p);
|
||||||
|
|
||||||
|
err = copy_from_user_policy_type(&xp->type, xfrma);
|
||||||
|
if (err)
|
||||||
|
goto error;
|
||||||
|
|
||||||
if (!(err = copy_from_user_tmpl(xp, xfrma)))
|
if (!(err = copy_from_user_tmpl(xp, xfrma)))
|
||||||
err = copy_from_user_sec_ctx(xp, xfrma);
|
err = copy_from_user_sec_ctx(xp, xfrma);
|
||||||
|
if (err)
|
||||||
if (err) {
|
goto error;
|
||||||
*errp = err;
|
|
||||||
kfree(xp);
|
|
||||||
xp = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return xp;
|
return xp;
|
||||||
|
error:
|
||||||
|
*errp = err;
|
||||||
|
kfree(xp);
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
|
static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
|
||||||
|
@ -1037,6 +1080,29 @@ static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *s
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
static int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb)
|
||||||
|
{
|
||||||
|
struct xfrm_userpolicy_type upt;
|
||||||
|
|
||||||
|
memset(&upt, 0, sizeof(upt));
|
||||||
|
upt.type = xp->type;
|
||||||
|
|
||||||
|
RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
rtattr_failure:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#else
|
||||||
|
static inline int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr)
|
static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr)
|
||||||
{
|
{
|
||||||
struct xfrm_dump_info *sp = ptr;
|
struct xfrm_dump_info *sp = ptr;
|
||||||
|
@ -1060,6 +1126,8 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
if (copy_to_user_sec_ctx(xp, skb))
|
if (copy_to_user_sec_ctx(xp, skb))
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
|
if (copy_to_user_policy_type(xp, skb) < 0)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
|
||||||
nlh->nlmsg_len = skb->tail - b;
|
nlh->nlmsg_len = skb->tail - b;
|
||||||
out:
|
out:
|
||||||
|
@ -1081,7 +1149,10 @@ static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
|
||||||
info.nlmsg_flags = NLM_F_MULTI;
|
info.nlmsg_flags = NLM_F_MULTI;
|
||||||
info.this_idx = 0;
|
info.this_idx = 0;
|
||||||
info.start_idx = cb->args[0];
|
info.start_idx = cb->args[0];
|
||||||
(void) xfrm_policy_walk(dump_one_policy, &info);
|
(void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info);
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
(void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info);
|
||||||
|
#endif
|
||||||
cb->args[0] = info.this_idx;
|
cb->args[0] = info.this_idx;
|
||||||
|
|
||||||
return skb->len;
|
return skb->len;
|
||||||
|
@ -1117,6 +1188,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
|
||||||
{
|
{
|
||||||
struct xfrm_policy *xp;
|
struct xfrm_policy *xp;
|
||||||
struct xfrm_userpolicy_id *p;
|
struct xfrm_userpolicy_id *p;
|
||||||
|
__u8 type = XFRM_POLICY_TYPE_MAIN;
|
||||||
int err;
|
int err;
|
||||||
struct km_event c;
|
struct km_event c;
|
||||||
int delete;
|
int delete;
|
||||||
|
@ -1124,12 +1196,16 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
|
||||||
p = NLMSG_DATA(nlh);
|
p = NLMSG_DATA(nlh);
|
||||||
delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
|
delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
|
||||||
|
|
||||||
|
err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
err = verify_policy_dir(p->dir);
|
err = verify_policy_dir(p->dir);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
if (p->index)
|
if (p->index)
|
||||||
xp = xfrm_policy_byid(p->dir, p->index, delete);
|
xp = xfrm_policy_byid(type, p->dir, p->index, delete);
|
||||||
else {
|
else {
|
||||||
struct rtattr **rtattrs = (struct rtattr **)xfrma;
|
struct rtattr **rtattrs = (struct rtattr **)xfrma;
|
||||||
struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
|
struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
|
||||||
|
@ -1146,7 +1222,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
|
||||||
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
|
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, delete);
|
xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
|
||||||
security_xfrm_policy_free(&tmp);
|
security_xfrm_policy_free(&tmp);
|
||||||
}
|
}
|
||||||
if (xp == NULL)
|
if (xp == NULL)
|
||||||
|
@ -1329,9 +1405,16 @@ out:
|
||||||
|
|
||||||
static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
|
static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
|
||||||
{
|
{
|
||||||
struct km_event c;
|
struct km_event c;
|
||||||
|
__u8 type = XFRM_POLICY_TYPE_MAIN;
|
||||||
|
int err;
|
||||||
|
|
||||||
xfrm_policy_flush();
|
err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
xfrm_policy_flush(type);
|
||||||
|
c.data.type = type;
|
||||||
c.event = nlh->nlmsg_type;
|
c.event = nlh->nlmsg_type;
|
||||||
c.seq = nlh->nlmsg_seq;
|
c.seq = nlh->nlmsg_seq;
|
||||||
c.pid = nlh->nlmsg_pid;
|
c.pid = nlh->nlmsg_pid;
|
||||||
|
@ -1344,10 +1427,15 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
|
||||||
struct xfrm_policy *xp;
|
struct xfrm_policy *xp;
|
||||||
struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
|
struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
|
||||||
struct xfrm_userpolicy_info *p = &up->pol;
|
struct xfrm_userpolicy_info *p = &up->pol;
|
||||||
|
__u8 type = XFRM_POLICY_TYPE_MAIN;
|
||||||
int err = -ENOENT;
|
int err = -ENOENT;
|
||||||
|
|
||||||
|
err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
if (p->index)
|
if (p->index)
|
||||||
xp = xfrm_policy_byid(p->dir, p->index, 0);
|
xp = xfrm_policy_byid(type, p->dir, p->index, 0);
|
||||||
else {
|
else {
|
||||||
struct rtattr **rtattrs = (struct rtattr **)xfrma;
|
struct rtattr **rtattrs = (struct rtattr **)xfrma;
|
||||||
struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
|
struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
|
||||||
|
@ -1364,7 +1452,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
|
||||||
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
|
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
xp = xfrm_policy_bysel_ctx(p->dir, &p->sel, tmp.security, 0);
|
xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0);
|
||||||
security_xfrm_policy_free(&tmp);
|
security_xfrm_policy_free(&tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1818,6 +1906,8 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
if (copy_to_user_state_sec_ctx(x, skb))
|
if (copy_to_user_state_sec_ctx(x, skb))
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
|
if (copy_to_user_policy_type(xp, skb) < 0)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
|
||||||
nlh->nlmsg_len = skb->tail - b;
|
nlh->nlmsg_len = skb->tail - b;
|
||||||
return skb->len;
|
return skb->len;
|
||||||
|
@ -1898,6 +1988,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
|
||||||
}
|
}
|
||||||
|
|
||||||
copy_from_user_policy(xp, p);
|
copy_from_user_policy(xp, p);
|
||||||
|
xp->type = XFRM_POLICY_TYPE_MAIN;
|
||||||
copy_templates(xp, ut, nr);
|
copy_templates(xp, ut, nr);
|
||||||
|
|
||||||
if (!xp->security) {
|
if (!xp->security) {
|
||||||
|
@ -1931,6 +2022,8 @@ static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
if (copy_to_user_sec_ctx(xp, skb))
|
if (copy_to_user_sec_ctx(xp, skb))
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
|
if (copy_to_user_policy_type(xp, skb) < 0)
|
||||||
|
goto nlmsg_failure;
|
||||||
upe->hard = !!hard;
|
upe->hard = !!hard;
|
||||||
|
|
||||||
nlh->nlmsg_len = skb->tail - b;
|
nlh->nlmsg_len = skb->tail - b;
|
||||||
|
@ -2002,6 +2095,8 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
|
||||||
copy_to_user_policy(xp, p, dir);
|
copy_to_user_policy(xp, p, dir);
|
||||||
if (copy_to_user_tmpl(xp, skb) < 0)
|
if (copy_to_user_tmpl(xp, skb) < 0)
|
||||||
goto nlmsg_failure;
|
goto nlmsg_failure;
|
||||||
|
if (copy_to_user_policy_type(xp, skb) < 0)
|
||||||
|
goto nlmsg_failure;
|
||||||
|
|
||||||
nlh->nlmsg_len = skb->tail - b;
|
nlh->nlmsg_len = skb->tail - b;
|
||||||
|
|
||||||
|
@ -2019,6 +2114,9 @@ static int xfrm_notify_policy_flush(struct km_event *c)
|
||||||
struct nlmsghdr *nlh;
|
struct nlmsghdr *nlh;
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
unsigned char *b;
|
unsigned char *b;
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
struct xfrm_userpolicy_type upt;
|
||||||
|
#endif
|
||||||
int len = NLMSG_LENGTH(0);
|
int len = NLMSG_LENGTH(0);
|
||||||
|
|
||||||
skb = alloc_skb(len, GFP_ATOMIC);
|
skb = alloc_skb(len, GFP_ATOMIC);
|
||||||
|
@ -2028,6 +2126,13 @@ static int xfrm_notify_policy_flush(struct km_event *c)
|
||||||
|
|
||||||
|
|
||||||
nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0);
|
nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0);
|
||||||
|
nlh->nlmsg_flags = 0;
|
||||||
|
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
memset(&upt, 0, sizeof(upt));
|
||||||
|
upt.type = c->data.type;
|
||||||
|
RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
|
||||||
|
#endif
|
||||||
|
|
||||||
nlh->nlmsg_len = skb->tail - b;
|
nlh->nlmsg_len = skb->tail - b;
|
||||||
|
|
||||||
|
@ -2035,6 +2140,9 @@ static int xfrm_notify_policy_flush(struct km_event *c)
|
||||||
return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
|
return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
|
||||||
|
|
||||||
nlmsg_failure:
|
nlmsg_failure:
|
||||||
|
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||||
|
rtattr_failure:
|
||||||
|
#endif
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
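Review bot: In copy_from_user_policy_type() the bound `rt->rta_len < sizeof(*upt)` compares the whole attribute length, header included, with the size of the payload struct, so an attribute whose payload is shorter than struct xfrm_userpolicy_type is accepted. Only `upt->type` at offset 0 is read, so the visible read stays inside the payload as long as the parser has bounds-checked the attribute itself, but the check should state the real requirement: `if (RTA_PAYLOAD(rt) < sizeof(*upt)) return -EINVAL;`. The reserved fields are also accepted with any value; rejecting non-zero ones now would keep them usable for later extensions. Separately, in xfrm_add_pol_expire() the initializer `int err = -ENOENT;` is overwritten by the new copy_from_user_policy_type() call, so if the code after the lookup (outside this hunk) returns `err` when no policy is found, it would now return 0 instead of -ENOENT.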