]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: db3f28c) | patch
xfrm: force a garbage collection after deleting a policy
authorPaul Moore <pmoore@redhat.com>
Wed, 29 May 2013 07:36:25 +0000 (07:36 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sat, 1 Jun 2013 00:30:07 +0000 (17:30 -0700)
commit8b39d1793688ad5dbb31e11420a1855b4410e0bd
tree8f7750f6065dcb5d2bd727174fb9f4e3cd8fccf3tree | snapshot
parentdb3f28c31238778899881206559268c660de1051commit | diff
xfrm: force a garbage collection after deleting a policy

In some cases after deleting a policy from the SPD the policy would
remain in the dst/flow/route cache for an extended period of time
which caused problems for SELinux as its dynamic network access
controls key off of the number of XFRM policy and state entries.
This patch corrects this problem by forcing a XFRM garbage collection
whenever a policy is sucessfully removed.

Reported-by: Ondrej Moris <omoris@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/xfrm.h diff | blob | history
net/key/af_key.c diff | blob | history
net/xfrm/xfrm_policy.c diff | blob | history
net/xfrm/xfrm_user.c diff | blob | history
Linux Kernel Source Tree.