From patchwork Tue Apr 26 05:41:21 2011
X-Patchwork-Submitter: Steffen Klassert
X-Patchwork-Id: 92855
X-Patchwork-Delegate: davem@davemloft.net
Date: Tue, 26 Apr 2011 07:41:21 +0200
From: Steffen Klassert
To: David Miller , Herbert Xu
Cc: netdev@vger.kernel.org
Subject: [PATCH net-2.6 3/4] xfrm: Check for the new replay implementation if an esn state is inserted
Message-ID: <20110426054121.GH5495@secunet.com>
References: <20110426053923.GF5495@secunet.com>
In-Reply-To: <20110426053923.GF5495@secunet.com>
X-Mailing-List: netdev@vger.kernel.org

IPsec extended sequence numbers can be used only with the new anti-replay window implementation. So check if the new implementation is used if an esn state is inserted and return an error if it is not.

Signed-off-by: Steffen Klassert
Acked-by: Herbert Xu

--- net/xfrm/xfrm_user.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5d1d60d..c658cb3 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -124,6 +124,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p, { struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; + if ((p->flags & XFRM_STATE_ESN) && !rt) + return -EINVAL; + if (!rt) return 0;
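
Review bot: The added test at the top of verify_replay() and the existing `if (!rt) return 0;` directly below it both branch on `!rt`, so the no-attribute case is now decided in two places. Folding them into one block, for example `if (!rt) return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;`, would keep that decision together. A one-line comment stating that XFRM_STATE_ESN is only accepted together with XFRMA_REPLAY_ESN_VAL would also help, because the bare -EINVAL gives the caller no indication of which constraint was violated and the reason currently lives only in the commit message.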