提交 d81d2285 编写于 作者: M Martin Willi 提交者: David S. Miller

xfrm: Accept XFRM_STATE_AF_UNSPEC SAs on IPv4/IPv6 only hosts

Installing SAs using the XFRM_STATE_AF_UNSPEC fails on hosts with
support for one address family only. This patch accepts such SAs, even
if the processing of not supported packets will fail.
Signed-off-by: NMartin Willi <martin@strongswan.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 29fa0b30
...@@ -2022,8 +2022,9 @@ int xfrm_init_state(struct xfrm_state *x) ...@@ -2022,8 +2022,9 @@ int xfrm_init_state(struct xfrm_state *x)
x->inner_mode = inner_mode; x->inner_mode = inner_mode;
} else { } else {
struct xfrm_mode *inner_mode_iaf; struct xfrm_mode *inner_mode_iaf;
int iafamily = AF_INET;
inner_mode = xfrm_get_mode(x->props.mode, AF_INET); inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
if (inner_mode == NULL) if (inner_mode == NULL)
goto error; goto error;
...@@ -2031,22 +2032,17 @@ int xfrm_init_state(struct xfrm_state *x) ...@@ -2031,22 +2032,17 @@ int xfrm_init_state(struct xfrm_state *x)
xfrm_put_mode(inner_mode); xfrm_put_mode(inner_mode);
goto error; goto error;
} }
x->inner_mode = inner_mode;
inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6); if (x->props.family == AF_INET)
if (inner_mode_iaf == NULL) iafamily = AF_INET6;
goto error;
if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) { inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
xfrm_put_mode(inner_mode_iaf); if (inner_mode_iaf) {
goto error; if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
} x->inner_mode_iaf = inner_mode_iaf;
else
if (x->props.family == AF_INET) { xfrm_put_mode(inner_mode_iaf);
x->inner_mode = inner_mode;
x->inner_mode_iaf = inner_mode_iaf;
} else {
x->inner_mode = inner_mode_iaf;
x->inner_mode_iaf = inner_mode;
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册