[XFRM]: Add generation count to xfrm_state and xfrm_dst. Each xfrm_state inserted gets a new generation counter value. When a bundle is created, the xfrm_dst objects get the current generation counter of the xfrm_state they will attach to at dst->xfrm. xfrm_bundle_ok() will return false if it sees an xfrm_dst with a generation count different from the generation count of the xfrm_state that dst points to. This provides a facility by which to passively and cheaply invalidate cached IPSEC routes during SA database changes. Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 9d4a706d852411154d0c91b9ffb3bec68b94b25c [log] [tgz]
author: David S. Miller <davem@sunset.davemloft.net> Thu Aug 24 03:18:09 2006 -0700
committer: David S. Miller <davem@sunset.davemloft.net> Fri Sep 22 15:08:42 2006 -0700
tree: 1613607168baa8b654c300895cd7d0ffb6f18581
parent: f034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 [diff]
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 3405e5d..fd4a300 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h

@@ -104,6 +104,8 @@
 	struct xfrm_id		id;
 	struct xfrm_selector	sel;
 
+	u32			genid;
+
 	/* Key manger bits */
 	struct {
 		u8		state;
@@ -590,6 +592,7 @@
 		struct rt6_info		rt6;
 	} u;
 	struct dst_entry *route;
+	u32 genid;
 	u32 route_mtu_cached;
 	u32 child_mtu_cached;
 	u32 route_cookie;

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 42d8ded..4795985 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c

@@ -93,6 +93,7 @@
 
 		xdst = (struct xfrm_dst *)dst1;
 		xdst->route = &rt->u.dst;
+		xdst->genid = xfrm[i]->genid;
 
 		dst1->next = dst_prev;
 		dst_prev = dst1;

diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 98c2fe4..9391c4c 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c

@@ -149,6 +149,7 @@
 
 		xdst = (struct xfrm_dst *)dst1;
 		xdst->route = &rt->u.dst;
+		xdst->genid = xfrm[i]->genid;
 		if (rt->rt6i_node)
 			xdst->route_cookie = rt->rt6i_node->fn_sernum;
 

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 1732159..7fc6944 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c

@@ -1536,6 +1536,8 @@
 			return 0;
 		if (dst->xfrm->km.state != XFRM_STATE_VALID)
 			return 0;
+		if (xdst->genid != dst->xfrm->genid)
+			return 0;
 
 		if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
 		    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 445263c..535d43c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c

@@ -53,6 +53,7 @@
 static unsigned int xfrm_state_hmask __read_mostly;
 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
 static unsigned int xfrm_state_num;
+static unsigned int xfrm_state_genid;
 
 static inline unsigned int __xfrm4_dst_hash(xfrm_address_t *addr, unsigned int hmask)
 {
@@ -745,6 +746,8 @@
 {
 	unsigned int h = xfrm_dst_hash(&x->id.daddr, x->props.family);
 
+	x->genid = ++xfrm_state_genid;
+
 	hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 	xfrm_state_hold(x);
commit	9d4a706d852411154d0c91b9ffb3bec68b94b25c	[log] [tgz]
author	David S. Miller <davem@sunset.davemloft.net>	Thu Aug 24 03:18:09 2006 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	Fri Sep 22 15:08:42 2006 -0700
tree	1613607168baa8b654c300895cd7d0ffb6f18581
parent	f034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 [diff]