summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorFan Du <fan.du@windriver.com>2014-01-18 05:54:28 +0400
committerSteffen Klassert <steffen.klassert@secunet.com>2014-02-12 10:02:11 +0400
commit01714109ea7e7ff4142f98a91114a97a91d34cdf (patch)
tree0ac75c0a161a769ab80de755de429ce71fd97548 /net
parent8d6da6f325572664107601a3c9782f8c23c1bfc5 (diff)
downloadlinux-01714109ea7e7ff4142f98a91114a97a91d34cdf.tar.xz
xfrm: Don't prohibit AH from using ESN feature
Clear checking when user try to use ESN through netlink keymgr for AH. As only ESP and AH support ESN feature according to RFC. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_user.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1ae3ec7c18b0..ade9988f6e33 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -142,7 +142,8 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
if (!rt)
return 0;
- if (p->id.proto != IPPROTO_ESP)
+ /* As only ESP and AH support ESN feature. */
+ if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
return -EINVAL;
if (p->replay_window != 0)