summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasahide NAKAMURA <nakam@linux-ipv6.org>2006-08-23 17:49:52 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:06:32 -0700
commitdc00a525603650a1471c823a1e48c6505c2f9765 (patch)
tree5ea2b999a564daf2f6fb217db13859db702b4537
parent5794708f11551b6d19b10673abf4b0202f66b44d (diff)
downloadkernel-crypto-dc00a525603650a1471c823a1e48c6505c2f9765.tar.gz
kernel-crypto-dc00a525603650a1471c823a1e48c6505c2f9765.tar.xz
kernel-crypto-dc00a525603650a1471c823a1e48c6505c2f9765.zip
[XFRM] STATE: Allow non IPsec protocol.
It will be added two more transformation protocols (routing header and destination options header) for Mobile IPv6. xfrm_id_proto_match() can be handle zero as all, IPSEC_PROTO_ANY as all IPsec and otherwise as exact one. Based on MIPL2 kernel patch. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h5
-rw-r--r--net/xfrm/xfrm_user.c2
2 files changed, 5 insertions, 2 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5b364b0a6a2..2a7d2132a1a 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -838,7 +838,10 @@ static inline int xfrm_state_kern(struct xfrm_state *x)
static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
{
- return (userproto == IPSEC_PROTO_ANY || proto == userproto);
+ return (!userproto || proto == userproto ||
+ (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
+ proto == IPPROTO_ESP ||
+ proto == IPPROTO_COMP)));
}
/*
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0d580ac1977..41f3d51ffc3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -542,7 +542,7 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
info.nlmsg_flags = NLM_F_MULTI;
info.this_idx = 0;
info.start_idx = cb->args[0];
- (void) xfrm_state_walk(IPSEC_PROTO_ANY, dump_one_state, &info);
+ (void) xfrm_state_walk(0, dump_one_state, &info);
cb->args[0] = info.this_idx;
return skb->len;