summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/xfrm.h3
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/xfrm/xfrm_policy.c2
-rw-r--r--net/xfrm/xfrm_user.c2
4 files changed, 7 insertions, 2 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b56b6a10fe5..baa9f372cfd 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -436,6 +436,9 @@ struct xfrm_tmpl
/* May skip this transfomration if no SA is found */
__u8 optional;
+/* Skip aalgos/ealgos/calgos checks. */
+ __u8 allalgs;
+
/* Bit mask of algos allowed for acquisition */
__u32 aalgos;
__u32 ealgos;
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1fb0fe42a72..81a8e5297ad 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1907,7 +1907,7 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
t->encap_family = xp->family;
/* No way to set this via kame pfkey */
- t->aalgos = t->ealgos = t->calgos = ~0;
+ t->allalgs = 1;
xp->xfrm_nr++;
return 0;
}
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ab4d0e598a2..e0c0390613c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1819,7 +1819,7 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
(x->id.spi == tmpl->id.spi || !tmpl->id.spi) &&
(x->props.reqid == tmpl->reqid || !tmpl->reqid) &&
x->props.mode == tmpl->mode &&
- ((tmpl->aalgos & (1<<x->props.aalgo)) ||
+ (tmpl->allalgs || (tmpl->aalgos & (1<<x->props.aalgo)) ||
!(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) &&
!(x->props.mode != XFRM_MODE_TRANSPORT &&
xfrm_state_addr_cmp(tmpl, x, family));
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1810f5645bb..22a30ae582a 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -981,6 +981,8 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
t->aalgos = ut->aalgos;
t->ealgos = ut->ealgos;
t->calgos = ut->calgos;
+ /* If all masks are ~0, then we allow all algorithms. */
+ t->allalgs = !~(t->aalgos & t->ealgos & t->calgos);
t->encap_family = ut->family;
}
}