author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-06-19 01:43:43 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-06-19 01:43:43 -0400 |
commit | 4f09f0bbc1cb3c74e8f2047ad4be201a059829ee (patch) | |
tree | d5ceba89f401b073cea383fa245c2b6299b7d07e | |
parent | 4666faab095230ec8aa62da6c33391287f281154 (diff) |
[IPSEC] Fix xfrm to pfkey SA state conversion
This patch adjusts the SA state conversion in af_key such that
XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_SASTATE_DEAD
instead of SADB_SASTATE_DYING.
According to RFC 2367, SADB_SASTATE_DYING SAs can be turned into
mature ones through updating their lifetime settings. Since SAs
which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
be resurrected, this value is unsuitable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | net/key/af_key.c | 15 |
1 files changed, 10 insertions, 5 deletions
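--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -656,13 +656,18 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
 sa->sadb_sa_exttype = SADB_EXT_SA;
 sa->sadb_sa_spi = x->id.spi;
 sa->sadb_sa_replay = x->props.replay_window;
-sa->sadb_sa_state = SADB_SASTATE_DYING;
-if (x->km.state == XFRM_STATE_VALID && !x->km.dying)
-sa->sadb_sa_state = SADB_SASTATE_MATURE;
-else if (x->km.state == XFRM_STATE_ACQ)
+switch (x->km.state) {
+case XFRM_STATE_VALID:
+sa->sadb_sa_state = x->km.dying ?
+SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
+break;
+case XFRM_STATE_ACQ:
 sa->sadb_sa_state = SADB_SASTATE_LARVAL;
-else if (x->km.state == XFRM_STATE_EXPIRED)
+break;
+default:
 sa->sadb_sa_state = SADB_SASTATE_DEAD;
+break;
+}
 sa->sadb_sa_auth = 0;
 if (x->aalg) {
 struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);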
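Review bot: The `default:` arm of the new switch on `x->km.state` reports every state other than XFRM_STATE_VALID and XFRM_STATE_ACQ as SADB_SASTATE_DEAD, which is wider than the XFRM_STATE_ERROR/XFRM_STATE_DEAD pair named in the description. XFRM_STATE_EXPIRED now lands there implicitly, and so would XFRM_STATE_VOID or any state added later. Failing towards DEAD is the safe direction, since a key manager will not try to extend the lifetime of an SA that cannot be revived, but that intent should be recorded with a comment on the arm such as `/* EXPIRED, ERROR, DEAD and any unknown state: cannot be resurrected */`. Whether a VOID state can reach this conversion is not visible here, because pfkey_xfrm_state2msg starts and ends outside the hunk.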