netns xfrm: policy flushing in netns

					  struct xfrm_sec_ctx *ctx, int delete,

					  int *err);

struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err);

int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);

int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);

u32 xfrm_get_acqseq(void);

extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);

struct xfrm_state * xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,

	audit_info.loginuid = audit_get_loginuid(current);

	audit_info.sessionid = audit_get_sessionid(current);

	audit_info.secid = 0;

	err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);

	err = xfrm_policy_flush(&init_net, XFRM_POLICY_TYPE_MAIN, &audit_info);

	if (err)

		return err;

	c.data.type = XFRM_POLICY_TYPE_MAIN;

#ifdef CONFIG_SECURITY_NETWORK_XFRM

static inline int

xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)

xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)

{

	int dir, err = 0;

		int i;

		hlist_for_each_entry(pol, entry,

				     &init_net.xfrm.policy_inexact[dir], bydst) {

				     &net->xfrm.policy_inexact[dir], bydst) {

			if (pol->type != type)

				continue;

			err = security_xfrm_policy_delete(pol->security);

				return err;

			}

		}

		for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {

		for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {

			hlist_for_each_entry(pol, entry,

					     init_net.xfrm.policy_bydst[dir].table + i,

					     net->xfrm.policy_bydst[dir].table + i,

					     bydst) {

				if (pol->type != type)

					continue;

}

#else

static inline int

xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)

xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info)

{

	return 0;

}

#endif

int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)

int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)

{

	int dir, err = 0;

	write_lock_bh(&xfrm_policy_lock);

	err = xfrm_policy_flush_secctx_check(type, audit_info);

	err = xfrm_policy_flush_secctx_check(net, type, audit_info);

	if (err)

		goto out;

		killed = 0;

	again1:

		hlist_for_each_entry(pol, entry,

				     &init_net.xfrm.policy_inexact[dir], bydst) {

				     &net->xfrm.policy_inexact[dir], bydst) {

			if (pol->type != type)

				continue;

			hlist_del(&pol->bydst);

			goto again1;

		}

		for (i = init_net.xfrm.policy_bydst[dir].hmask; i >= 0; i--) {

		for (i = net->xfrm.policy_bydst[dir].hmask; i >= 0; i--) {

	again2:

			hlist_for_each_entry(pol, entry,

					     init_net.xfrm.policy_bydst[dir].table + i,

					     net->xfrm.policy_bydst[dir].table + i,

					     bydst) {

				if (pol->type != type)

					continue;

			}

		}

		init_net.xfrm.policy_count[dir] -= killed;

		net->xfrm.policy_count[dir] -= killed;

	}

	atomic_inc(&flow_cache_genid);

out:

	audit_info.loginuid = NETLINK_CB(skb).loginuid;

	audit_info.sessionid = NETLINK_CB(skb).sessionid;

	audit_info.secid = NETLINK_CB(skb).sid;

	err = xfrm_policy_flush(type, &audit_info);

	err = xfrm_policy_flush(&init_net, type, &audit_info);

	if (err)

		return err;

	c.data.type = type;