diff options
| -rw-r--r-- | include/net/xfrm.h | 3 | ||||
| -rw-r--r-- | net/key/af_key.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
4 files changed, 7 insertions, 2 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index b56b6a10fe5e..baa9f372cfd1 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -436,6 +436,9 @@ struct xfrm_tmpl | |||
| 436 | /* May skip this transfomration if no SA is found */ | 436 | /* May skip this transfomration if no SA is found */ |
| 437 | __u8 optional; | 437 | __u8 optional; |
| 438 | 438 | ||
| 439 | /* Skip aalgos/ealgos/calgos checks. */ | ||
| 440 | __u8 allalgs; | ||
| 441 | |||
| 439 | /* Bit mask of algos allowed for acquisition */ | 442 | /* Bit mask of algos allowed for acquisition */ |
| 440 | __u32 aalgos; | 443 | __u32 aalgos; |
| 441 | __u32 ealgos; | 444 | __u32 ealgos; |
diff --git a/net/key/af_key.c b/net/key/af_key.c index 1fb0fe42a72e..81a8e5297ad1 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -1907,7 +1907,7 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) | |||
| 1907 | t->encap_family = xp->family; | 1907 | t->encap_family = xp->family; |
| 1908 | 1908 | ||
| 1909 | /* No way to set this via kame pfkey */ | 1909 | /* No way to set this via kame pfkey */ |
| 1910 | t->aalgos = t->ealgos = t->calgos = ~0; | 1910 | t->allalgs = 1; |
| 1911 | xp->xfrm_nr++; | 1911 | xp->xfrm_nr++; |
| 1912 | return 0; | 1912 | return 0; |
| 1913 | } | 1913 | } |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index ab4d0e598a2c..e0c0390613c0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1819,7 +1819,7 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x, | |||
| 1819 | (x->id.spi == tmpl->id.spi || !tmpl->id.spi) && | 1819 | (x->id.spi == tmpl->id.spi || !tmpl->id.spi) && |
| 1820 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && | 1820 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && |
| 1821 | x->props.mode == tmpl->mode && | 1821 | x->props.mode == tmpl->mode && |
| 1822 | ((tmpl->aalgos & (1<<x->props.aalgo)) || | 1822 | (tmpl->allalgs || (tmpl->aalgos & (1<<x->props.aalgo)) || |
| 1823 | !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) && | 1823 | !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) && |
| 1824 | !(x->props.mode != XFRM_MODE_TRANSPORT && | 1824 | !(x->props.mode != XFRM_MODE_TRANSPORT && |
| 1825 | xfrm_state_addr_cmp(tmpl, x, family)); | 1825 | xfrm_state_addr_cmp(tmpl, x, family)); |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 1810f5645bb5..22a30ae582a2 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -981,6 +981,8 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, | |||
| 981 | t->aalgos = ut->aalgos; | 981 | t->aalgos = ut->aalgos; |
| 982 | t->ealgos = ut->ealgos; | 982 | t->ealgos = ut->ealgos; |
| 983 | t->calgos = ut->calgos; | 983 | t->calgos = ut->calgos; |
| 984 | /* If all masks are ~0, then we allow all algorithms. */ | ||
| 985 | t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); | ||
| 984 | t->encap_family = ut->family; | 986 | t->encap_family = ut->family; |
| 985 | } | 987 | } |
| 986 | } | 988 | } |