authorfan.du <fan.du@windriver.com>2013-07-30 00:33:53 (GMT)
committerDavid S. Miller <davem@davemloft.net>2013-07-31 21:56:36 (GMT)
commitca4c3fc24e293719fe7410c4e63da9b6bc633b83 (patch)
tree0461841f3d10b11a26ebe1a0adc99c7b00a489a2 /security/selinux/include
parentba361cb3d4c977e2b94b5d97905f66b4d48964de (diff)
net: split rt_genid for ipv4 and ipv6
The current net namespace has only one genid for both IPv4 and IPv6, which has the following drawbacks: - Adding/deleting an IPv4 address will invalidate all IPv6 routing table entries. - Inserting/removing an XFRM policy will also invalidate both IPv4/IPv6 routing table entries even when the policy is only applied to one address family. Thus, this patch attempts to split the one genid into two, to cater for IPv4 and IPv6 separately at a finer granularity. Signed-off-by: Fan Du <fan.du@windriver.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/xfrm.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 65f67cb..6713f04 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -50,8 +50,13 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
static inline void selinux_xfrm_notify_policyload(void)
{
+ struct net *net;
+
atomic_inc(&flow_cache_genid);
- rt_genid_bump(&init_net);
+ rtnl_lock();
+ for_each_net(net)
+ rt_genid_bump_all(net);
+ rtnl_unlock();
}
#else
static inline int selinux_xfrm_enabled(void)
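Review bot: The added `rtnl_lock()` in `selinux_xfrm_notify_policyload()` turns a helper that only did atomic increments into one that can sleep, and nothing in the hunk documents this. It also nests the global RTNL mutex inside whatever locks the policy-load caller already holds, so a caller in atomic context or one already holding RTNL would deadlock or trigger a might-sleep warning. I would add a comment above the function such as `/* May sleep: takes RTNL to walk every net namespace; call from process context only, never with RTNL held. */`. If `rt_genid_bump_all()` does nothing but atomic increments (its body is not visible here), walking the namespaces with `rcu_read_lock()` / `for_each_net_rcu(net)` / `rcu_read_unlock()` would invalidate the same caches without adding a lock-ordering dependency between SELinux policy reload and network configuration. Because this is a `static inline` in a header, it is also worth confirming that xfrm.h itself includes the declarations for `rtnl_lock()` and `for_each_net()` rather than relying on the including file.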