summaryrefslogtreecommitdiffstats
path: root/net/key
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-06-18 22:43:43 -0700
committerDavid S. Miller <davem@davemloft.net>2005-06-18 22:43:43 -0700
commit4f09f0bbc1cb3c74e8f2047ad4be201a059829ee (patch)
treed5ceba89f401b073cea383fa245c2b6299b7d07e /net/key
parent4666faab095230ec8aa62da6c33391287f281154 (diff)
downloadlinux-stable-4f09f0bbc1cb3c74e8f2047ad4be201a059829ee.tar.gz
linux-stable-4f09f0bbc1cb3c74e8f2047ad4be201a059829ee.tar.bz2
linux-stable-4f09f0bbc1cb3c74e8f2047ad4be201a059829ee.zip
[IPSEC] Fix xfrm to pfkey SA state conversion
This patch adjusts the SA state conversion in af_key such that XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD instead of SADB_STATE_DYING. According to RFC 2367, SADB_STATE_DYING SAs can be turned into mature ones through updating their lifetime settings. Since SAs which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot be resurrected, this value is unsuitable. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'net/key')
-rw-r--r--net/key/af_key.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index d086c117f5f0..560c93c10890 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -656,13 +656,18 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_spi = x->id.spi;
sa->sadb_sa_replay = x->props.replay_window;
- sa->sadb_sa_state = SADB_SASTATE_DYING;
- if (x->km.state == XFRM_STATE_VALID && !x->km.dying)
- sa->sadb_sa_state = SADB_SASTATE_MATURE;
- else if (x->km.state == XFRM_STATE_ACQ)
+ switch (x->km.state) {
+ case XFRM_STATE_VALID:
+ sa->sadb_sa_state = x->km.dying ?
+ SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
+ break;
+ case XFRM_STATE_ACQ:
sa->sadb_sa_state = SADB_SASTATE_LARVAL;
- else if (x->km.state == XFRM_STATE_EXPIRED)
+ break;
+ default:
sa->sadb_sa_state = SADB_SASTATE_DEAD;
+ break;
+ }
sa->sadb_sa_auth = 0;
if (x->aalg) {
struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);