xfrm: Restrict extended sequence numbers to esp
The IPsec extended sequence numbers are fully implemented just for
esp. So restrict the usage to esp until other protocols have
support too.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert authored and David S. Miller committed Mar 29, 2011
1 parent e2b1912 commit 02aadf7
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/xfrm/xfrm_user.c
Expand Up @@ -127,6 +127,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
if (!rt)
return 0;

if (p->id.proto != IPPROTO_ESP)
return -EINVAL;

if (p->replay_window != 0)
return -EINVAL;
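
Review bot: The added `p->id.proto != IPPROTO_ESP` check in verify_replay() carries no comment explaining why it is there, although the commit message describes it as temporary ("until other protocols have support too"). A one-line comment above the check, for example `/* ESN is only implemented for ESP so far */`, would mark it as the gate to relax when another protocol gains support. The check also returns the same -EINVAL as the `p->replay_window != 0` test directly below it, so a caller cannot tell from the error code which of the two conditions rejected the request; that is worth stating in the comment or in the userspace documentation.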
