diff options
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index ab4d0e598a2c..e0c0390613c0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1819,7 +1819,7 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x, | |||
| 1819 | (x->id.spi == tmpl->id.spi || !tmpl->id.spi) && | 1819 | (x->id.spi == tmpl->id.spi || !tmpl->id.spi) && |
| 1820 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && | 1820 | (x->props.reqid == tmpl->reqid || !tmpl->reqid) && |
| 1821 | x->props.mode == tmpl->mode && | 1821 | x->props.mode == tmpl->mode && |
| 1822 | ((tmpl->aalgos & (1<<x->props.aalgo)) || | 1822 | (tmpl->allalgs || (tmpl->aalgos & (1<<x->props.aalgo)) || |
| 1823 | !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) && | 1823 | !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) && |
| 1824 | !(x->props.mode != XFRM_MODE_TRANSPORT && | 1824 | !(x->props.mode != XFRM_MODE_TRANSPORT && |
| 1825 | xfrm_state_addr_cmp(tmpl, x, family)); | 1825 | xfrm_state_addr_cmp(tmpl, x, family)); |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 1810f5645bb5..22a30ae582a2 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -981,6 +981,8 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, | |||
| 981 | t->aalgos = ut->aalgos; | 981 | t->aalgos = ut->aalgos; |
| 982 | t->ealgos = ut->ealgos; | 982 | t->ealgos = ut->ealgos; |
| 983 | t->calgos = ut->calgos; | 983 | t->calgos = ut->calgos; |
| 984 | /* If all masks are ~0, then we allow all algorithms. */ | ||
| 985 | t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); | ||
| 984 | t->encap_family = ut->family; | 986 | t->encap_family = ut->family; |
| 985 | } | 987 | } |
| 986 | } | 988 | } |