diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-19 07:33:24 -0500 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-20 08:30:10 -0500 |
commit | ee5c23176fcc820f7a56d3e86001532af0d59b1e (patch) | |
tree | 120858d4c5c3f9ab0cff9cbea237f3a80109c28c /net | |
parent | 8c0cba22e196122d26c92980943474eb53db8deb (diff) |
xfrm: Clone states properly on migration
We loose a lot of information of the original state if we
clone it with xfrm_state_clone(). In particular, there is
no crypto algorithm attached if the original state uses
an aead algorithm. This patch add the missing information
to the clone state.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_state.c | 8 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 5 |
2 files changed, 8 insertions, 5 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index c101023be3d2..40f1b3e92e78 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -1159,6 +1159,11 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) | |||
1159 | } | 1159 | } |
1160 | x->props.aalgo = orig->props.aalgo; | 1160 | x->props.aalgo = orig->props.aalgo; |
1161 | 1161 | ||
1162 | if (orig->aead) { | ||
1163 | x->aead = xfrm_algo_aead_clone(orig->aead); | ||
1164 | if (!x->aead) | ||
1165 | goto error; | ||
1166 | } | ||
1162 | if (orig->ealg) { | 1167 | if (orig->ealg) { |
1163 | x->ealg = xfrm_algo_clone(orig->ealg); | 1168 | x->ealg = xfrm_algo_clone(orig->ealg); |
1164 | if (!x->ealg) | 1169 | if (!x->ealg) |
@@ -1201,6 +1206,9 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) | |||
1201 | x->props.flags = orig->props.flags; | 1206 | x->props.flags = orig->props.flags; |
1202 | x->props.extra_flags = orig->props.extra_flags; | 1207 | x->props.extra_flags = orig->props.extra_flags; |
1203 | 1208 | ||
1209 | x->tfcpad = orig->tfcpad; | ||
1210 | x->replay_maxdiff = orig->replay_maxdiff; | ||
1211 | x->replay_maxage = orig->replay_maxage; | ||
1204 | x->curlft.add_time = orig->curlft.add_time; | 1212 | x->curlft.add_time = orig->curlft.add_time; |
1205 | x->km.state = orig->km.state; | 1213 | x->km.state = orig->km.state; |
1206 | x->km.seq = orig->km.seq; | 1214 | x->km.seq = orig->km.seq; |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 1ae3ec7c18b0..c274179d60a2 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -32,11 +32,6 @@ | |||
32 | #include <linux/in6.h> | 32 | #include <linux/in6.h> |
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | static inline int aead_len(struct xfrm_algo_aead *alg) | ||
36 | { | ||
37 | return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); | ||
38 | } | ||
39 | |||
40 | static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) | 35 | static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) |
41 | { | 36 | { |
42 | struct nlattr *rt = attrs[type]; | 37 | struct nlattr *rt = attrs[type]; |