err = xfrm_state_update(x);
xfrm_audit_state_add(x, err ? 0 : 1,
- audit_get_loginuid(current->audit_context), 0);
+ audit_get_loginuid(current), 0);
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
km_state_notify(x, &c);
out:
xfrm_audit_state_delete(x, err ? 0 : 1,
- audit_get_loginuid(current->audit_context), 0);
+ audit_get_loginuid(current), 0);
xfrm_state_put(x);
return err;
if (proto == 0)
return -EINVAL;
- audit_info.loginuid = audit_get_loginuid(current->audit_context);
+ audit_info.loginuid = audit_get_loginuid(current);
audit_info.secid = 0;
err = xfrm_state_flush(proto, &audit_info);
if (err)
{
u8 proto;
struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk };
+ struct xfrm_state_walk walk;
+ int rc;
proto = pfkey_satype2proto(hdr->sadb_msg_satype);
if (proto == 0)
return -EINVAL;
- return xfrm_state_walk(proto, dump_sa, &data);
+ xfrm_state_walk_init(&walk, proto);
+ rc = xfrm_state_walk(&walk, dump_sa, &data);
+ xfrm_state_walk_done(&walk);
+
+ return rc;
}
static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
static u32 gen_reqid(void)
{
+ struct xfrm_policy_walk walk;
u32 start;
+ int rc;
static u32 reqid = IPSEC_MANUAL_REQID_MAX;
start = reqid;
++reqid;
if (reqid == 0)
reqid = IPSEC_MANUAL_REQID_MAX+1;
- if (xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, check_reqid,
- (void*)&reqid) != -EEXIST)
+ xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
+ rc = xfrm_policy_walk(&walk, check_reqid, (void*)&reqid);
+ xfrm_policy_walk_done(&walk);
+ if (rc != -EEXIST)
return reqid;
} while (reqid != start);
return 0;
hdr->sadb_msg_type != SADB_X_SPDUPDATE);
xfrm_audit_policy_add(xp, err ? 0 : 1,
- audit_get_loginuid(current->audit_context), 0);
+ audit_get_loginuid(current), 0);
if (err)
goto out;
return 0;
out:
- security_xfrm_policy_free(xp);
- kfree(xp);
+ xp->dead = 1;
+ xfrm_policy_destroy(xp);
return err;
}
return -ENOENT;
xfrm_audit_policy_delete(xp, err ? 0 : 1,
- audit_get_loginuid(current->audit_context), 0);
+ audit_get_loginuid(current), 0);
if (err)
goto out;
if (delete) {
xfrm_audit_policy_delete(xp, err ? 0 : 1,
- audit_get_loginuid(current->audit_context), 0);
+ audit_get_loginuid(current), 0);
if (err)
goto out;
static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{
struct pfkey_dump_data data = { .skb = skb, .hdr = hdr, .sk = sk };
+ struct xfrm_policy_walk walk;
+ int rc;
+
+ xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
+ rc = xfrm_policy_walk(&walk, dump_sp, &data);
+ xfrm_policy_walk_done(&walk);
- return xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_sp, &data);
+ return rc;
}
static int key_notify_policy_flush(struct km_event *c)
struct xfrm_audit audit_info;
int err;
- audit_info.loginuid = audit_get_loginuid(current->audit_context);
+ audit_info.loginuid = audit_get_loginuid(current);
audit_info.secid = 0;
err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
if (err)
return xp;
out:
- security_xfrm_policy_free(xp);
- kfree(xp);
+ xfrm_policy_destroy(xp);
return NULL;
}
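Review bot: This error path calls `xfrm_policy_destroy(xp)` without first marking the policy dead, whereas the other converted `out:` path in this patch sets `xp->dead = 1;` immediately before the same call. `xfrm_policy_destroy` is not shown here, but if it asserts the dead flag, as that other hunk suggests, every failure on this path would trip the assertion instead of returning NULL. That turns a parse or allocation error into a kernel crash, which matters if the policy data comes from an unprivileged caller. Add `xp->dead = 1;` before `xfrm_policy_destroy(xp);` here as well. The enclosing function starts outside the hunk.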
};
#ifdef CONFIG_PROC_FS
-static int pfkey_read_proc(char *buffer, char **start, off_t offset,
- int length, int *eof, void *data)
+static int pfkey_seq_show(struct seq_file *f, void *v)
{
- off_t pos = 0;
- off_t begin = 0;
- int len = 0;
struct sock *s;
- struct hlist_node *node;
-
- len += sprintf(buffer,"sk RefCnt Rmem Wmem User Inode\n");
- read_lock(&pfkey_table_lock);
-
- sk_for_each(s, node, &pfkey_table) {
- len += sprintf(buffer+len,"%p %-6d %-6u %-6u %-6u %-6lu",
+ s = (struct sock *)v;
+ if (v == SEQ_START_TOKEN)
+ seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
+ else
+ seq_printf(f ,"%p %-6d %-6u %-6u %-6u %-6lu\n",
s,
atomic_read(&s->sk_refcnt),
atomic_read(&s->sk_rmem_alloc),
sock_i_uid(s),
sock_i_ino(s)
);
+ return 0;
+}
- buffer[len++] = '\n';
+static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
+{
+ struct sock *s;
+ struct hlist_node *node;
+ loff_t pos = *ppos;
- pos = begin + len;
- if (pos < offset) {
- len = 0;
- begin = pos;
- }
- if(pos > offset + length)
- goto done;
- }
- *eof = 1;
+ read_lock(&pfkey_table_lock);
+ if (pos == 0)
+ return SEQ_START_TOKEN;
+
+ sk_for_each(s, node, &pfkey_table)
+ if (pos-- == 1)
+ return s;
+
+ return NULL;
+}
-done:
+static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
+{
+ ++*ppos;
+ return (v == SEQ_START_TOKEN) ?
+ sk_head(&pfkey_table) :
+ sk_next((struct sock *)v);
+}
+
+static void pfkey_seq_stop(struct seq_file *f, void *v)
+{
read_unlock(&pfkey_table_lock);
+}
+
+static struct seq_operations pfkey_seq_ops = {
+ .start = pfkey_seq_start,
+ .next = pfkey_seq_next,
+ .stop = pfkey_seq_stop,
+ .show = pfkey_seq_show,
+};
- *start = buffer + (offset - begin);
- len -= (offset - begin);
+static int pfkey_seq_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &pfkey_seq_ops);
+}
- if (len > length)
- len = length;
- if (len < 0)
- len = 0;
+static struct file_operations pfkey_proc_ops = {
+ .open = pfkey_seq_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release,
+};
- return len;
+static int pfkey_init_proc(void)
+{
+ struct proc_dir_entry *e;
+
+ e = proc_net_fops_create(&init_net, "pfkey", 0, &pfkey_proc_ops);
+ if (e == NULL)
+ return -ENOMEM;
+
+ return 0;
+}
+
+static void pfkey_exit_proc(void)
+{
+ proc_net_remove(&init_net, "pfkey");
+}
+#else
+static inline int pfkey_init_proc(void)
+{
+ return 0;
+}
+
+static inline void pfkey_exit_proc(void)
+{
}
#endif
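Review bot: `pfkey_seq_show` still prints each socket with a raw `%p`, so the proc entry exposes kernel heap addresses to anyone who can read it, and `pfkey_init_proc` creates it with mode `0`, which as far as I know falls back to world-readable. Since the output path is being rewritten anyway, consider creating the entry with `S_IRUSR` instead of `0`, or dropping the address column in favour of the inode number that is already printed. Separately, as the hunk appears on this page the row format has six conversions but only five arguments follow (nothing for the Wmem column), so check that the `sk_wmem_alloc` read is still present in the actual patch.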
static void __exit ipsec_pfkey_exit(void)
{
xfrm_unregister_km(&pfkeyv2_mgr);
- remove_proc_entry("pfkey", init_net.proc_net);
+ pfkey_exit_proc();
sock_unregister(PF_KEY);
proto_unregister(&key_proto);
}
err = sock_register(&pfkey_family_ops);
if (err != 0)
goto out_unregister_key_proto;
-#ifdef CONFIG_PROC_FS
- err = -ENOMEM;
- if (create_proc_read_entry("pfkey", 0, init_net.proc_net, pfkey_read_proc, NULL) == NULL)
+ err = pfkey_init_proc();
+ if (err != 0)
goto out_sock_unregister;
-#endif
err = xfrm_register_km(&pfkeyv2_mgr);
if (err != 0)
goto out_remove_proc_entry;
out:
return err;
out_remove_proc_entry:
-#ifdef CONFIG_PROC_FS
- remove_proc_entry("net/pfkey", NULL);
+ pfkey_exit_proc();
out_sock_unregister:
-#endif
sock_unregister(PF_KEY);
out_unregister_key_proto:
proto_unregister(&key_proto);