diff options
| author | David S. Miller <davem@sunset.davemloft.net> | 2005-12-19 14:23:23 -0800 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2005-12-19 14:23:23 -0800 |
| commit | 399c180ac5f0cb66ef9479358e0b8b6bafcbeafe (patch) | |
| tree | 4014154b7800e96058d94f78dc34a53681e8d5e5 /net/xfrm/xfrm_policy.c | |
| parent | 9e999993c71e1506378d26d81f842277aff8a250 (diff) | |
[IPSEC]: Perform SA switchover immediately.
When we insert a new xfrm_state which potentially
subsumes an existing one, make sure all cached
bundles are flushed so that the new SA is used
immediately.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 0db9e57013f..54a4be6a7d2 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1014,13 +1014,12 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family) } EXPORT_SYMBOL(__xfrm_route_forward); -/* Optimize later using cookies and generation ids. */ - static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie) { - if (!stale_bundle(dst)) - return dst; - + /* If it is marked obsolete, which is how we even get here, + * then we have purged it from the policy bundle list and we + * did that for a good reason. + */ return NULL; } @@ -1104,6 +1103,16 @@ int xfrm_flush_bundles(void) return 0; } +static int always_true(struct dst_entry *dst) +{ + return 1; +} + +void xfrm_flush_all_bundles(void) +{ + xfrm_prune_bundles(always_true); +} + void xfrm_init_pmtu(struct dst_entry *dst) { do { |