From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Mon, 25 Apr 2011 19:41:21 +0000 (+0000)
Subject: xfrm: Check for the new replay implementation if an esn state is inserted
X-Git-Tag: v2.6.39-rc6~7^2~16
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=7833aa05b8db63484b43b4b4c389cd4533140afb;p=~emulex%2Finfiniband.git

xfrm: Check for the new replay implementation if an esn state is inserted

IPsec extended sequence numbers can be used only with the new
anti-replay window implementation. So check if the new implementation
is used if an esn state is inserted and return an error if it is not.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d1d60d3ca8..c658cb3bc7c 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -124,6 +124,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
 {
 	struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
 
+	if ((p->flags & XFRM_STATE_ESN) && !rt)
+		return -EINVAL;
+
 	if (!rt)
 		return 0;