[XFRM]: Add FLUSHSA and FLUSHPOLICY.

This patch adds FLUSHSA and FLUSHPOLICY to xfrm_user which are
analagous to SADB_FLUSH and SADB_X_SPDFLUSH in af_key.

This is useful in KMs on startup/shutdown so that the system is
reset to a known state.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@redhat.com>

2 files changed, 29 insertions, 0 deletions

diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 79b5ab2a7b21..2e22a996f623 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -135,6 +135,11 @@ enum {
 	XFRM_MSG_POLEXPIRE,
 #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
 
+	XFRM_MSG_FLUSHSA,
+#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
+	XFRM_MSG_FLUSHPOLICY,
+#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
+
 	XFRM_MSG_MAX
 };
 
@@ -242,6 +247,10 @@ struct xfrm_user_polexpire {
 	__u8				hard;
 };
 
+struct xfrm_usersa_flush {
+	__u8				proto;
+};
+
 #define XFRMGRP_ACQUIRE		1
 #define XFRMGRP_EXPIRE		2
 
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b917b5a77b35..99edfc6128a3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -814,6 +814,20 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 	return err;
 }
 
+static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+	struct xfrm_usersa_flush *p = NLMSG_DATA(nlh);
+
+	xfrm_state_flush(p->proto);
+	return 0;
+}
+
+static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+	xfrm_policy_flush();
+	return 0;
+}
+
 static const int xfrm_msg_min[(XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)] = {
 	NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)),	/* NEW SA */
 	NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)),	/* DEL SA */
@@ -826,6 +840,9 @@ static const int xfrm_msg_min[(XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)] = {
 	NLMSG_LENGTH(sizeof(struct xfrm_user_expire)),	/* EXPIRE */
 	NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)),/* UPD POLICY */
 	NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)),	/* UPD SA */
+	NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)), /* POLEXPIRE */
+	NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)),	/* FLUSH SA */
+	NLMSG_LENGTH(0),				/* FLUSH POLICY */
 };
 
 static struct xfrm_link {
@@ -849,6 +866,9 @@ static struct xfrm_link {
 	{},
 	{	.doit	=	xfrm_add_policy 	},
 	{	.doit	=	xfrm_add_sa, 		},
+	{},
+	{	.doit	=	xfrm_flush_sa		},
+	{	.doit	=	xfrm_flush_policy	},
 };
 
 static int xfrm_done(struct netlink_callback *cb)