linux_old1/net/xfrm
Paul Moore e4c1721642 xfrm: force a garbage collection after deleting a policy
In some cases after deleting a policy from the SPD the policy would
remain in the dst/flow/route cache for an extended period of time
which caused problems for SELinux as its dynamic network access
controls key off of the number of XFRM policy and state entries.
This patch corrects this problem by forcing a XFRM garbage collection
whenever a policy is sucessfully removed.

Reported-by: Ondrej Moris <omoris@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-31 17:30:07 -07:00
..
Kconfig net/xfrm: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:03 -08:00
Makefile xfrm: make xfrm_algo.c a module 2012-05-15 13:13:34 -04:00
xfrm_algo.c xfrm: add rfc4494 AES-CMAC-96 support 2013-04-25 21:01:48 +08:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xfrm_input.c xfrm: Workaround incompatibility of ESN and async crypto 2012-09-04 14:09:45 -04:00
xfrm_ipcomp.c net: xfrm: use __this_cpu_read per-cpu helper 2012-11-13 14:38:52 +01:00
xfrm_output.c xfrm: properly handle invalid states as an error 2013-05-23 01:20:07 -07:00
xfrm_policy.c xfrm: force a garbage collection after deleting a policy 2013-05-31 17:30:07 -07:00
xfrm_proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
xfrm_replay.c xfrm: Fix esn sequence number diff calculation in xfrm_replay_notify_esn() 2013-03-25 07:25:50 +01:00
xfrm_state.c xfrm: allow to avoid copying DSCP during encapsulation 2013-03-06 07:02:45 +01:00
xfrm_sysctl.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
xfrm_user.c xfrm: force a garbage collection after deleting a policy 2013-05-31 17:30:07 -07:00