xfrm: Don't prohibit AH from using ESN feature

Clear checking when user try to use ESN through netlink keymgr for AH. As only ESP and AH support ESN feature according to RFC. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-01-18 09:54:28 +08:00 · 2014-01-18 09:54:28 +08:00 · 01714109ea
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@ -142,7 +142,8 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
 	if (!rt)
 		return 0;

-	if (p->id.proto != IPPROTO_ESP)
+	/* As only ESP and AH support ESN feature. */
+	if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
 		return -EINVAL;

 	if (p->replay_window != 0)