Message ID | 1c3bdbd480bd3018175525a23ba623911fec74e1.1666359531.git.antony.antony@secunet.com (mailing list archive) |
---|---|
State | Awaiting Upstream |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [ipsec-next,v2] xfrm: update x->lastused for every packet | expand |
On Fri, Oct 21, 2022 at 03:42:01PM +0200, Antony Antony wrote: > x->lastused was only updated for outgoing mobile IPv6 packet. > With this fix update it for every, in and out, packet. > > This is useful to check if the a SA is still in use, or when was > the last time an SA was used. lastused time of in SA can used > to check IPsec path is functional. > > Signed-off-by: Antony Antony <antony.antony@secunet.com> Applied, thanks a lot Antony!
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 97074f6f2bde..c06e54a10540 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -671,6 +671,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) x->curlft.bytes += skb->len; x->curlft.packets++; + x->lastused = ktime_get_real_seconds(); spin_unlock(&x->lock); diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 9a5e79a38c67..78cb8d0a6a18 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -209,8 +209,6 @@ static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb) __skb_pull(skb, hdr_len); memmove(ipv6_hdr(skb), iph, hdr_len); - x->lastused = ktime_get_real_seconds(); - return 0; #else WARN_ON_ONCE(1); @@ -534,6 +532,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) x->curlft.bytes += skb->len; x->curlft.packets++; + x->lastused = ktime_get_real_seconds(); spin_unlock_bh(&x->lock);
x->lastused was only updated for outgoing mobile IPv6 packet. With this fix update it for every, in and out, packet. This is useful to check if the a SA is still in use, or when was the last time an SA was used. lastused time of in SA can used to check IPsec path is functional. Signed-off-by: Antony Antony <antony.antony@secunet.com> --- v1 -> v2 now ipsec-next has the required patches. net/xfrm/xfrm_input.c | 1 + net/xfrm/xfrm_output.c | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) -- 2.30.2