diff options
| author | Antony Antony <antony.antony@secunet.com> | 2024-04-30 10:08:52 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2024-05-01 11:05:11 +0300 |
| commit | a4a87fa4e96c7746e009de06a567688fd9af6013 (patch) | |
| tree | 6d37f9d613320a65c2c79166d7611a28632eff21 /net/xfrm/xfrm_replay.c | |
| parent | aeb48a428d7dbe636203ae892e981bcc3e2ac042 (diff) | |
| download | linux-a4a87fa4e96c7746e009de06a567688fd9af6013.tar.xz | |
xfrm: Add Direction to the SA in or out
This patch introduces the 'dir' attribute, 'in' or 'out', to the
xfrm_state, SA, enhancing usability by delineating the scope of values
based on direction. An input SA will restrict values pertinent to input,
effectively segregating them from output-related values.
And an output SA will restrict attributes for output. This change aims
to streamline the configuration process and improve the overall
consistency of SA attributes during configuration.
This feature sets the groundwork for future patches, including
the upcoming IP-TFS patch.
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_replay.c')
| -rw-r--r-- | net/xfrm/xfrm_replay.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index ce56d659c55a..bc56c6305725 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -778,7 +778,8 @@ int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack) } if (x->props.flags & XFRM_STATE_ESN) { - if (replay_esn->replay_window == 0) { + if (replay_esn->replay_window == 0 && + (!x->dir || x->dir == XFRM_SA_DIR_IN)) { NL_SET_ERR_MSG(extack, "ESN replay window must be > 0"); return -EINVAL; } |