diff options
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/Kconfig | 15 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
2 files changed, 18 insertions, 0 deletions
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig index 58ca6a972c4..0c1c04322ba 100644 --- a/net/xfrm/Kconfig +++ b/net/xfrm/Kconfig @@ -1,6 +1,10 @@ # # XFRM configuration # +config XFRM + bool + depends on NET + config XFRM_USER tristate "IPsec user configuration interface" depends on INET && XFRM @@ -10,3 +14,14 @@ config XFRM_USER If unsure, say Y. +config NET_KEY + tristate "PF_KEY sockets" + select XFRM + ---help--- + PF_KEYv2 socket family, compatible to KAME ones. + They are required if you are going to use IPsec tools ported + from KAME. + + Say Y unless you know what you are doing. + + diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ecade4893a1..8da3e25b2c4 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, if (nr > XFRM_MAX_DEPTH) return NULL; + if (p->dir > XFRM_POLICY_OUT) + return NULL; + xp = xfrm_policy_alloc(GFP_KERNEL); if (xp == NULL) { *dir = -ENOBUFS; |