diff options
author | Fan Du <fan.du@windriver.com> | 2013-12-16 18:47:49 +0800 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-12-16 12:54:02 +0100 |
commit | 776e9dd90ca223b82166eb2835389493b5914cba (patch) | |
tree | 565d2ac3f67fe6fa88e789fe94ac5cf9ee3a3d4b /net/xfrm/xfrm_state.c | |
parent | ea9884b3acf3311c8a11db67bfab21773f6f82ba (diff) |
xfrm: export verify_userspi_info for pkfey and netlink interface
In order to check against valid IPcomp spi range, export verify_userspi_info
for both pfkey and netlink interface.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_state.c')
-rw-r--r-- | net/xfrm/xfrm_state.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index e845066547c..a62c25ea363 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1489,6 +1489,30 @@ u32 xfrm_get_acqseq(void) } EXPORT_SYMBOL(xfrm_get_acqseq); +int verify_spi_info(u8 proto, u32 min, u32 max) +{ + switch (proto) { + case IPPROTO_AH: + case IPPROTO_ESP: + break; + + case IPPROTO_COMP: + /* IPCOMP spi is 16-bits. */ + if (max >= 0x10000) + return -EINVAL; + break; + + default: + return -EINVAL; + } + + if (min > max) + return -EINVAL; + + return 0; +} +EXPORT_SYMBOL(verify_spi_info); + int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) { struct net *net = xs_net(x); |