author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-04-25 15:41:21 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-04-26 15:46:04 -0400 |
commit | 7833aa05b8db63484b43b4b4c389cd4533140afb (patch) | |
tree | 7540e5cef5c96e0a0bcef2baf5360511885ce3b2 | |
parent | c0a56e64aec331f33ead29ba493ee184d9bdc840 (diff) |
xfrm: Check for the new replay implementation if an esn state is inserted
IPsec extended sequence numbers can be used only with the new
anti-replay window implementation. So check if the new implementation
is used if an esn state is inserted and return an error if it is not.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
1 files changed, 3 insertions, 0 deletions
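--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -124,6 +124,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
 {
 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
 
+if ((p->flags & XFRM_STATE_ESN) && !rt)
+return -EINVAL;
+
 if (!rt)
 return 0;
 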
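Review bot: The added guard at the top of verify_replay only establishes that the XFRMA_REPLAY_ESN_VAL attribute is present when XFRM_STATE_ESN is set; it does not check the attribute's length or the window and bitmap sizes it carries, and those values come from the netlink caller. The rest of verify_replay lies outside this hunk, so whether the payload is bounds-checked there or where it is later copied cannot be confirmed from here and should be verified before this is treated as the complete ESN gate. The check also relies on attribute presence as the signal for "new replay implementation", which is not obvious from the code alone, so a short comment above it would help, for example `/* ESN requires the new replay implementation, selected by XFRMA_REPLAY_ESN_VAL */`. As a point of style, the two consecutive `!rt` tests could be folded into one: `if (!rt) return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;`.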