diff options
author | Fan Du <fan.du@windriver.com> | 2014-01-18 09:54:28 +0800 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-12 07:02:11 +0100 |
commit | 01714109ea7e7ff4142f98a91114a97a91d34cdf (patch) | |
tree | 0ac75c0a161a769ab80de755de429ce71fd97548 /net/xfrm | |
parent | 8d6da6f325572664107601a3c9782f8c23c1bfc5 (diff) | |
download | op-kernel-dev-01714109ea7e7ff4142f98a91114a97a91d34cdf.zip op-kernel-dev-01714109ea7e7ff4142f98a91114a97a91d34cdf.tar.gz |
xfrm: Don't prohibit AH from using ESN feature
Clear checking when user try to use ESN through netlink keymgr for AH.
As only ESP and AH support ESN feature according to RFC.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 1ae3ec7..ade9988 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -142,7 +142,8 @@ static inline int verify_replay(struct xfrm_usersa_info *p, if (!rt) return 0; - if (p->id.proto != IPPROTO_ESP) + /* As only ESP and AH support ESN feature. */ + if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH)) return -EINVAL; if (p->replay_window != 0) |