diff options
author | Michael Rossberg <michael.rossberg@tu-ilmenau.de> | 2015-09-29 11:25:08 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2015-09-29 11:45:55 +0200 |
commit | 4e077237cfb6ab13701d504060d3ae248b191e6e (patch) | |
tree | 3f617f60f9e32054765a57383e52ab0629c5f027 /net/xfrm | |
parent | xfrm6: Fix ICMPv6 and MH header checks in _decode_session6 (diff) | |
download | linux-4e077237cfb6ab13701d504060d3ae248b191e6e.tar.xz linux-4e077237cfb6ab13701d504060d3ae248b191e6e.zip |
xfrm: Fix state threshold configuration from userspace
Allow to change the replay threshold (XFRMA_REPLAY_THRESH) and expiry
timer (XFRMA_ETIMER_THRESH) of a state without having to set other
attributes like replay counter and byte lifetime. Changing these other
values while traffic flows will break the state.
Signed-off-by: Michael Rossberg <michael.rossberg@tu-ilmenau.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a8de9e300200..24e06a2377f6 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1928,8 +1928,10 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; + struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; + struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; - if (!lt && !rp && !re) + if (!lt && !rp && !re && !et && !rt) return err; /* pedantic mode - thou shalt sayeth replaceth */ |