aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/esp6.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-18 00:35:15 -0400
committerDavid S. Miller <davem@davemloft.net>2007-10-18 00:35:15 -0400
commitca68145f16359f71cd62b2671aa3e8c58f45ef19 (patch)
treedcd8806792a443cddc1c25f015d136a179c6882b /net/ipv6/esp6.c
parented3e37ddb0b422120d3d2d5da718c44c40af30ba (diff)
[IPSEC]: Disallow combinations of RO and AH/ESP/IPCOMP
Combining RO and AH/ESP/IPCOMP does not make sense. So this patch adds a check in the state initialisation function to prevent this. This allows us to safely remove the mode input function of RO since it can never be called anymore. Indeed, if somehow it does get called we'll know about it through an OOPS instead of it slipping past silently. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r--net/ipv6/esp6.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 9eb928598351..b0715432e454 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -354,8 +354,15 @@ static int esp6_init_state(struct xfrm_state *x)
354 (x->ealg->alg_key_len + 7) / 8)) 354 (x->ealg->alg_key_len + 7) / 8))
355 goto error; 355 goto error;
356 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen; 356 x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
357 if (x->props.mode == XFRM_MODE_TUNNEL) 357 switch (x->props.mode) {
358 case XFRM_MODE_BEET:
359 case XFRM_MODE_TRANSPORT:
360 break;
361 case XFRM_MODE_TUNNEL:
358 x->props.header_len += sizeof(struct ipv6hdr); 362 x->props.header_len += sizeof(struct ipv6hdr);
363 default:
364 goto error;
365 }
359 x->data = esp; 366 x->data = esp;
360 return 0; 367 return 0;
361 368