[XFRM]: Add generation count to xfrm_state and xfrm_dst. Each xfrm_state inserted gets a new generation counter value. When a bundle is created, the xfrm_dst objects get the current generation counter of the xfrm_state they will attach to at dst->xfrm. xfrm_bundle_ok() will return false if it sees an xfrm_dst with a generation count different from the generation count of the xfrm_state that dst points to. This provides a facility by which to passively and cheaply invalidate cached IPSEC routes during SA database changes. Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 9d4a706d852411154d0c91b9ffb3bec68b94b25c [log] [tgz]
author: David S. Miller <davem@sunset.davemloft.net> Thu Aug 24 03:18:09 2006 -0700
committer: David S. Miller <davem@sunset.davemloft.net> Fri Sep 22 15:08:42 2006 -0700
tree: 1613607168baa8b654c300895cd7d0ffb6f18581
parent: f034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 [diff] [blame]
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 1732159..7fc6944 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c

@@ -1536,6 +1536,8 @@
 			return 0;
 		if (dst->xfrm->km.state != XFRM_STATE_VALID)
 			return 0;
+		if (xdst->genid != dst->xfrm->genid)
+			return 0;
 
 		if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
 		    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
commit	9d4a706d852411154d0c91b9ffb3bec68b94b25c	[log] [tgz]
author	David S. Miller <davem@sunset.davemloft.net>	Thu Aug 24 03:18:09 2006 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	Fri Sep 22 15:08:42 2006 -0700
tree	1613607168baa8b654c300895cd7d0ffb6f18581
parent	f034b5d4efdfe0fb9e2a1ce1d95fa7914f24de49 [diff] [blame]