diff options
| author | Antony Antony <antony.antony@secunet.com> | 2026-05-26 22:06:33 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2026-06-04 13:22:36 +0300 |
| commit | b8addb8884f2dc1b13cf3e4fa0265ecd0bc58b69 (patch) | |
| tree | 8b97931913f236278e6bb3af68ab0c2d22d3790b | |
| parent | 231a1744dc433e8f39871a8fd0f5eab78202e136 (diff) | |
| download | linux-b8addb8884f2dc1b13cf3e4fa0265ecd0bc58b69.tar.xz | |
xfrm: allow migration from UDP encapsulated to non-encapsulated ESP
The current code prevents migrating an SA from UDP encapsulation to
plain ESP. This is needed when moving from a NATed path to a non-NATed
one, for example when switching from IPv4+NAT to IPv6.
Only copy the existing encapsulation during migration if the encap
attribute is explicitly provided.
Note: PF_KEY's SADB_X_MIGRATE always passes encap=NULL and never
supported encapsulation in migration. PF_KEY is deprecated and was
in feature freeze when UDP encapsulation was added to xfrm.
Tested-by: Yan Yan <evitayan@google.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
| -rw-r--r-- | net/xfrm/xfrm_state.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 53d88b87bdbd..933541bc9093 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig, } x->props.calgo = orig->props.calgo; - if (encap || orig->encap) { - if (encap) - x->encap = kmemdup(encap, sizeof(*x->encap), - GFP_KERNEL); - else - x->encap = kmemdup(orig->encap, sizeof(*x->encap), - GFP_KERNEL); - + if (encap) { + x->encap = kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; } |
